lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.BSF.1.00.0801081716010.24286@pkunk.americas.sgi.com>
Date:	Tue, 8 Jan 2008 17:18:48 -0600 (CST)
From:	Brent Casavant <bcasavan@....com>
To:	Tom Spink <tspink@...il.com>
cc:	Rick Jones <rick.jones2@...com>, netdev@...r.kernel.org,
	David Miller <davem@...emloft.net>,
	linux-kernel@...r.kernel.org
Subject: Re: AF_UNIX MSG_PEEK bug?

On Tue, 8 Jan 2008, Tom Spink wrote:

> Where in the code is the message length being sent across the socket?

In do_producer(), there are the following lines in the main loop:

	/* Send random lengths of data */
	messages[i].length = (rand() % MAXLEN) + sizeof(size_t);
	iov[i].iov_len = messages[i].length;

The entire "struct sockmsg" is sent across the socket, so the first
size_t in each message contains the length of the entire message
(including the size_t).  This size gets picked up at the
recv(...,MSG_PEEK) line in do_consumer().

Thanks,
Brent

-- 
Brent Casavant                          All music is folk music.  I ain't
bcasavan@....com                        never heard a horse sing a song.
Silicon Graphics, Inc.                    -- Louis Armstrong
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ