lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jan 2008 17:18:48 -0600 (CST) From: Brent Casavant <bcasavan@....com> To: Tom Spink <tspink@...il.com> cc: Rick Jones <rick.jones2@...com>, netdev@...r.kernel.org, David Miller <davem@...emloft.net>, linux-kernel@...r.kernel.org Subject: Re: AF_UNIX MSG_PEEK bug? On Tue, 8 Jan 2008, Tom Spink wrote: > Where in the code is the message length being sent across the socket? In do_producer(), there are the following lines in the main loop: /* Send random lengths of data */ messages[i].length = (rand() % MAXLEN) + sizeof(size_t); iov[i].iov_len = messages[i].length; The entire "struct sockmsg" is sent across the socket, so the first size_t in each message contains the length of the entire message (including the size_t). This size gets picked up at the recv(...,MSG_PEEK) line in do_consumer(). Thanks, Brent -- Brent Casavant All music is folk music. I ain't bcasavan@....com never heard a horse sing a song. Silicon Graphics, Inc. -- Louis Armstrong -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists