| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Nov 2013 20:22:40 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: Eric Dumazet <eric.dumazet@...il.com> Cc: mpb <mpb.mail@...il.com>, netdev@...r.kernel.org Subject: Re: [PATCH v3] net: don't return uninitialized addresses on concurrent socket shutdown On Sat, Nov 16, 2013 at 04:36:24PM -0800, Eric Dumazet wrote: > On Sat, 2013-11-16 at 23:43 +0100, Hannes Frederic Sowa wrote: > > > I do think it is common to call recvfrom, process the packet and sendto > > back a packet with the updated values from recvfrom. We accept AF_UNSPEC > > on an IPv4 UDP socket and use the addresses as it would be a AF_INET > > sockaddr. We only bail out if the port is 0. > > > > It was my intend to at least clear the addressing portions of the regular > > sockaddr_* structure for the user as it could be reused as explained > > earlier and be allocated uninitialized on the stack (or reused, so > > sending packet to a previous destination). I think it is very uncommon to > > expect a non-error value on a recvfrom/recvmsg and have AF_UNSPEC in the > > sockaddr. > > > > (I erroneously stated that we could return the full 128 zero bytes, we only > > clear 128 bytes and return only max(128, msg.msg_namelen). msg_namelen gets > > updated by the recvmsg handler and that only iff we have this concurrent > > shutdown and blocking read issue.) > > > > If the socket structure is cleared a following sendto would produce a -EINVAL. > > > > Maybe I am too sensible regarding such problems and will think about that a > > bit more (and check for AF_INVALID/AF_UNSPEC). > > > > I think the _default_ should be to clear it. > > - msg.msg_namelen = sizeof(address); > + msg.msg_namelen = 0; > > And subsystems filling a real address would set it back to the length > they took care of. > > in recvfrom() paths, the kernel _knows_ it uses an array of 128 bytes. > (struct sockaddr_storage) I agree, that's the only sane approach we can take. Both the AF_UNSPEC and also the AF_INVALID approach does conflict how packet sockets structure their sockaddr_pkt (dev->type is put in sa_family and both 0 and 0xFFFF are valid interface types). I'll check it out. Thanks, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists