| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 May 2016 02:03:56 -0400 (EDT) From: David Miller <davem@...emloft.net> To: soheil.kdev@...il.com Cc: netdev@...r.kernel.org, edumazet@...gle.com, maze@...gle.com, willemb@...gle.com, soheil@...gle.com Subject: Re: [PATCH net-next] sock: ignore TIMESTAMP, RXQ_OVFL, WIFI_STATUS in sock_cmsg_send From: Soheil Hassas Yeganeh <soheil.kdev@...il.com> Date: Fri, 13 May 2016 00:47:10 -0400 > From: Soheil Hassas Yeganeh <soheil@...gle.com> > > SO_TIMESTAMP(NS), RXQ_OVFL, and WIFI_STATUS can be returned as > receive-side control messages from recvmsg(). Although invalid, > some applications may reflect those receive-side control messages > back to sendmsg(). Since socket-level control messages were being > ignored in ipv4 and ipv6, such applications would not get an error. > > 24025c4 (ipv4: process socket-level control messages in IPv4) and > ad1e46 (ipv6: process socket-level control messages in IPv6) add > support for socket-level control messages in ipv4 and ipv6 on > sendmsg(). This results in getting -EINVAL, if the application > passes in a message with SO_WIFI_STATUS, SO_RXQ_OVFL, SO_TIMESTAMP > and/or SO_TIMESTAMPNS that might have been received in recvmsg(). > > Ignore SO_WIFI_STATUS, SO_TIMESTAMP(NS), and SO_RXQ_OVFL when > processing socket-level control messages in send-side to remain > backward compatible. This patch is missing a proper Signed-Off-By: tag. But I think this change is wrong. Just because we silently accepted garbage in the past doesn't mean more strict checking is invalid. Applications blindly echoing control messages from recvmsg to sendmsg must be fixed.
Powered by blists - more mailing lists