lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 29 May 2008 09:29:15 +0800
From:	Yang Hongyang <yanghy@...fujitsu.com>
To:	YOSHIFUJI Hideaki / 吉藤英明 
	<yoshfuji@...ux-ipv6.org>
CC:	netdev@...r.kernel.org, davem@...emloft.net
Subject: Re: [PATCH] IPv6: Fix the data length of get destination options
 with short length

YOSHIFUJI Hideaki / 吉藤英明 wrote:
> In article <483D0070.2090909@...fujitsu.com> (at Wed, 28 May 2008 14:49:20 +0800), Yang Hongyang <yanghy@...fujitsu.com> says:
> 
>>   If get destination options with length which is not enough for that
>> option,getsockopt() will still return the real length of the option,
>> which is larger then the buffer space.
>>   This is because ipv6_getsockopt_sticky() returns the real length of
>> the option.
>>
>> This patch fix this problem.
> 
> POSIX says that the object pointed to by the option_len argument shall be
> modified to indicate the actual length of the value.
> Do you think this change conforms to the spec?
> 
> --yoshfuji
> 
> 

We use the codes below to get the destination options,the length cnt is half of the option length.
	cnt = sizeof(incmsg) / 2;
	if (getsockopt(sk, IPPROTO_IPV6, IPV6_DSTOPTS,
		       (char *)incmsg, &cnt) == -1) 

We can see from net/ipv6/ipv6_sockglue.c,the code below store half of the option length to incmsg,
so the acture data length of incmsg is half of the option length.According to RFC the cnt should 
specfy the data length of incmsg.that is half of the option length.So we should return len 
instead of ipv6_optlen(hdr).
 832         len = min_t(unsigned int, len, ipv6_optlen(hdr));
 833         if (copy_to_user(optval, hdr, len))
 834                 return -EFAULT;


-- 
Regards
Yang Hongyang

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ