lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Sep 2009 09:41:10 +0800 From: Shan Wei <shanwei@...fujitsu.com> To: David Miller <davem@...emloft.net> CC: dfeng@...hat.com, kaber@...sh.net, yoshfuji@...ux-ipv6.org, jmorris@...ei.org, pekkas@...core.fi, kuznet@....inr.ac.ru, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/2] ipv4: fix do_ip_setsockopt optlen check for IP_MULTICAST_IF David Miller wrote, at 09/23/2009 04:38 AM: > From: Shan Wei <shanwei@...fujitsu.com> > Date: Thu, 17 Sep 2009 17:15:22 +0800 > >> Xiaotian Feng wrote, at 09/17/2009 01:19 PM: >>> Due to man page of setsockopt, if optlen is not valid, kernel should return >>> -EINVAL. But a simple testcase as following, errno is 0, which means setsockopt >>> is successful. >>> >>> addr.s_addr = inet_addr("192.1.2.3"); >>> setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &addr, 1); >>> printf("errno is %d\n", errno); >>> >>> This patch fixes the optlen check part, with the patch, we got errno EINVAL. >>> >> I also think it's a bug, the freebsd also does the optlen check. >> But the style should be coincident with other option: firstly check the >> availability of optlen, then copy option value from user and deal with it. >> >> How about this one: > > This definitely is better and cleaner, but please don't post such > things without proper signoffs and commit messages because now > I have to ask you to do that instead of me just applying your > patch :-/ > I'm so sorry about that. The whole patch is below. [PATCH BUGFIX] ipv4: check optlen for IP_MULTICAST_IF option Due to man page of setsockopt, if optlen is not valid, kernel should return -EINVAL. But a simple testcase as following, errno is 0, which means setsockopt is successful. addr.s_addr = inet_addr("192.1.2.3"); setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &addr, 1); printf("errno is %d\n", errno); Xiaotian Feng(dfeng@...hat.com) caught the bug. We fix it firstly checking the availability of optlen and then dealing with the logic like other options. Reported-by: Xiaotian Feng <dfeng@...hat.com> Signed-off-by: Shan Wei <shanwei@...fujitsu.com> Acked-by: Alexey Kuznetsov <kuznet@....inr.ac.ru> --- net/ipv4/ip_sockglue.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index fc7993e..5a06935 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -611,6 +611,9 @@ static int do_ip_setsockopt(struct sock *sk, int level, * Check the arguments are allowable */ + if (optlen < sizeof(struct in_addr)) + goto e_inval; + err = -EFAULT; if (optlen >= sizeof(struct ip_mreqn)) { if (copy_from_user(&mreq, optval, sizeof(mreq))) -- 1.6.0.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists