Date:   Tue, 18 Oct 2016 21:46:48 +0300
From:   Isaac Boukris <iboukris@...il.com>
To:     netdev@...r.kernel.org
Subject: Re: iproute: ss truncates abstract unix domain socket embedding null

Hi again,

On Sun, Oct 16, 2016 at 11:43 PM, Isaac Boukris <iboukris@...il.com> wrote:
> Hello,
>
> The unix(7) man page says that null has no special meaning in
> abstract unix domain socket address (the length is specified
> therefore).
>
> However, when such a name (embedding null) is used, ss (and netstat)
> will only show up to the first null occurrence (second technically, if
> we count the null prefix).
> e.g. the name "\0/tmp/fo\0.sock" is displayed as: "@/tmp/fo" (whilst
> strace tool shows it as: sun_path=@"/tmp/fo\0.sock").
>
> Would it be more useful if it printed the whole name and escaped the null?
> If so, would '\0' be ok for escaping the null?


Meanwhile, I've got it to escape the null character with '\0' as suggested.
Can anyone take a look and advise if I'm on the right track? Thanks!


diff --git a/misc/ss.c b/misc/ss.c
index dd77b81..3e41f44 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -2869,7 +2869,7 @@ static int unix_show_sock(const struct
sockaddr_nl *addr, struct nlmsghdr *nlh,
        struct filter *f = (struct filter *)arg;
        struct unix_diag_msg *r = NLMSG_DATA(nlh);
        struct rtattr *tb[UNIX_DIAG_MAX+1];
-       char name[128];
+       char name[128*2];
        struct sockstat stat = { .name = "*", .peer_name = "*" };

        parse_rtattr(tb, UNIX_DIAG_MAX, (struct rtattr *)(r+1),
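Review bot: the new size in `char name[128*2];` is a bare magic number with no comment saying where the doubling comes from. Doubling matches the worst case of an escape that turns one input byte into two output characters, but nothing in these lines ties 128 to the largest name the attribute can carry. A named constant or a size derived from the socket address structure, plus a one-line comment on the expansion factor, would make the bound reviewable.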
@@ -2891,11 +2891,25 @@ static int unix_show_sock(const struct
sockaddr_nl *addr, struct nlmsghdr *nlh,
        }
        if (tb[UNIX_DIAG_NAME]) {
                int len = RTA_PAYLOAD(tb[UNIX_DIAG_NAME]);
+               char *real_name = RTA_DATA(tb[UNIX_DIAG_NAME]);

-               memcpy(name, RTA_DATA(tb[UNIX_DIAG_NAME]), len);
-               name[len] = '\0';
-               if (name[0] == '\0')
+               if (real_name[0] == '\0') {
+                       int i, j;
                        name[0] = '@';
+                       for (i = j = 1; i < len; ++i) {
+                               if (real_name[i] == '\0') {
+                                       name[j++] = '\\';
+                                       name[j++] = '0';
+                               }
+                               else
+                                       name[j++] = real_name[i];
+                       }
+                       name[j] = '\0';
+               } else {
+                       memcpy(name, real_name, len);
+                       name[len] = '\0';
+               }
+
                stat.name = &name[0];
                memcpy(stat.local.data, &stat.name, sizeof(stat.name));
        }
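Review bot: `len` from `RTA_PAYLOAD(tb[UNIX_DIAG_NAME])` is never checked against `sizeof(name)`, so both the escape loop (up to two bytes written per input byte, followed by `name[j] = '\0'`) and the `memcpy(name, real_name, len)` in the else branch depend on the attribute being short enough. Clamp `len` before either branch, and stop the loop while `j` still leaves room for two more bytes and the terminator. `real_name[0]` is also read without first checking that `len` is non-zero. On the output format, a name that already contains a backslash followed by `0` prints the same as an escaped null, so escape the backslash as well if the output is meant to be unambiguous. Style: `else` should sit on the same line as the closing brace and both branches should be braced, and a blank line after `int i, j;` would match the declarations elsewhere in the function.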
