lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.01.1012250107330.22521@obet.zrqbmnf.qr>
Date:	Sat, 25 Dec 2010 01:08:30 +0100 (CET)
From:	Jan Engelhardt <jengelh@...ozas.de>
To:	Linux Networking Developer Mailing List <netdev@...r.kernel.org>
cc:	"David S. Miller" <davem@...emloft.net>
Subject: [patch] net/unix: do not forget to autobind in standard case

parent 67514fc40bbec857018cbc689d440282b75551db (v2.6.37-rc1-229-g67514fc)
commit 973bdc63c6aba703dd7b62a6ec7ae4bab7847731
Author: Jan Engelhardt <jengelh@...ozas.de>
Date:   Sat Dec 25 00:50:59 2010 +0100

net/unix: do not forget to autobind in standard case

A program using recvmsg on an AF_LOCAL datagram socket does not
receive the peer's address when the remote has not issued a bind. This
makes it impossible to send messages back. (But the same _does_ work
in IP.) The cause for this is because autobinding was only done when
credential passing was requested.

The shown test program outputs:

getsockname gives 16
Received 2 bytes, and sk2_size is 16. Text: Hi
reply text: World

getsockname gives 2
Received 2 bytes, and sk2_size is 0. Text: Hi
sendto fd1: Transport endpoint is not connected
Aborted

getsockname gives 8
Received 2 bytes, and sk2_size is 8. Text: Hi
reply text: World

---8<---
//#define chosen_AF AF_INET

union sockaddr_all {
	struct sockaddr_in in;
	struct sockaddr_un un;
};

static inline size_t sock_size(unsigned int af)
{
	if (af == AF_INET)
		return sizeof(struct sockaddr_in);
	if (af == AF_LOCAL)
		return sizeof(struct sockaddr_un);
	return 0;
}

int main(void)
{
	union sockaddr_all sk1;
	union sockaddr_all sk2;
	int fd1, fd2;
	socklen_t sk2_size;
	char buf[64];
	ssize_t ret;

	fd1 = socket(chosen_AF, SOCK_DGRAM, 0);
	if (fd1 < 0) {
		perror("socket fd1");
		abort();
	}
	memset(&sk1, 0, sizeof(sk1));
	if (chosen_AF == AF_INET) {
		sk1.in.sin_family = chosen_AF;
		sk1.in.sin_port = htons(1234);
	} else if (chosen_AF == AF_LOCAL) {
		sk1.un.sun_family = chosen_AF;
		snprintf(sk1.un.sun_path, sizeof(sk1.un.sun_path), "/tmp/sk1");
		unlink(sk1.un.sun_path);
	}
	if (bind(fd1, (void *)&sk1, sock_size(chosen_AF))) {
		perror("bind fd1");
		abort();
	}

	fd2 = socket(chosen_AF, SOCK_DGRAM, 0);
	if (fd2 < 0) {
		perror("socket");
		abort();
	}
	/* Cause implicit bind */
	if (sendto(fd2, "Hi", 2, 0, (void *)&sk1, sock_size(chosen_AF)) < 0) {
		perror("sendto fd2");
		abort();
	}
	/* check if socket has been bound */
	sk2_size = sock_size(chosen_AF);
	memset(&sk2, 0, sizeof(sk2));
	if (getsockname(fd2, (void *)&sk2, &sk2_size) < 0) {
		perror("getsockname fd2");
		abort();
	}
	printf("getsockname gives %d\n", (int)sk2_size);

	/* But with recvfrom... */
	memset(&sk2, 0, sizeof(sk2));
	memset(buf, 0, sizeof(buf));
	sk2_size = sock_size(chosen_AF);
	ret = recvfrom(fd1, buf, sizeof(buf), 0, (void *)&sk2, &sk2_size);
	if (ret < 0) {
		perror("recvfrom fd1");
		abort();
	}
	printf("Received %zd bytes, and sk2_size is %d. Text: %.*s\n",
		ret, (int)sk2_size, (int)ret, buf);
	ret = sendto(fd1, "World", 5, 0, (const void *)&sk2, sk2_size);
	if (ret < 0) {
		perror("sendto fd1");
		abort();
	}

	ret = recvfrom(fd2, buf, sizeof(buf), 0, NULL, 0);
	if (ret < 0) {
		perror("recvfrom fd2");
		abort();
	}
	printf("reply text: %.*s\n", (int)ret, buf);
	return 0;
}
--->8---

Signed-off-by: Jan Engelhardt <jengelh@...ozas.de>
---
 net/unix/af_unix.c |   10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 7ff31c6..945797c 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -964,8 +964,8 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
 			goto out;
 		alen = err;
 
-		if (test_bit(SOCK_PASSCRED, &sock->flags) &&
-		    !unix_sk(sk)->addr && (err = unix_autobind(sock)) != 0)
+		if (unix_sk(sk)->addr == NULL &&
+		    (err = unix_autobind(sock)) != 0)
 			goto out;
 
 restart:
@@ -1063,8 +1063,7 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
 		goto out;
 	addr_len = err;
 
-	if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr &&
-	    (err = unix_autobind(sock)) != 0)
+	if (u->addr == NULL && (err = unix_autobind(sock)) != 0)
 		goto out;
 
 	timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
@@ -1419,8 +1418,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
 			goto out;
 	}
 
-	if (test_bit(SOCK_PASSCRED, &sock->flags) && !u->addr
-	    && (err = unix_autobind(sock)) != 0)
+	if (u->addr == NULL && (err = unix_autobind(sock)) != 0)
 		goto out;
 
 	err = -EMSGSIZE;
-- 
# Created with git-export-patch

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ