lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 17 Apr 2008 14:08:37 +0100
From:	Gerrit Renker <gerrit@....abdn.ac.uk>
To:	netdev@...r.kernel.org
Subject: [COMPAT]: non-cmsg data gets interpreted as cmsg data (sparc64)

I am having troubles with 
 
 * using sendmsg() with non-zero msg_controllen 
 * on the compat layer on sparc64
 * running an updated Debian lenny distribution.

The problem involves passing a "struct msghdr" containing priority
information for the packet which is to be used by DCCP.

The following code segment works without problems on IA-32:

	uint32_t prio = 10;
	struct msghdr msg;

	// fill in iov bits of msg
	// ...
	msg.msg_control	   = &prio;
	msg.msg_controllen = sizeof prio;

	if (sendmsg(sockfd, &msg, 0))
		err(1, "sendmsg failed");

On sparc64, the above attempt fails with EINVAL in line 165 of net/compat.c,
in the function cmsghdr_from_user_compat_to_kern() ("if (kcmlen == 0) ...").

>From what the code looks like, this however seems to be the area where CMSG
data is interpreted - seemingly the control flow got into the wrong department.

In net/socket.c, there seems to be no other choice for this control flow,
due to "if ((MSG_CMSG_COMPAT & flags) && ctl_len) {".

How can I stop the kernel from thinking that the uint32_t is a cmsg header -
the most recent postings I could google for this were from 2005.

It may be that I am missing something here, but after already some testing
I have run out of ideas / time. Hints for looking further or pointers to
known fixes would be appreciated.

Gerrit


The University of Aberdeen is a charity registered in Scotland, No SC013683.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ