lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210907121052.75cb416d@hermes.local>
Date:   Tue, 7 Sep 2021 12:10:52 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     netdev@...r.kernel.org
Subject: Fw: [Bug 214339] New: sendmsg return value may be positive while
 send errors



Begin forwarded message:

Date: Tue, 07 Sep 2021 09:23:54 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 214339] New: sendmsg return value may be positive while send errors


https://bugzilla.kernel.org/show_bug.cgi?id=214339

            Bug ID: 214339
           Summary: sendmsg return value may be positive while send errors
           Product: Networking
           Version: 2.5
    Kernel Version: 4.9.99
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
          Assignee: stephen@...workplumber.org
          Reporter: 1031265646@...com
        Regression: No

in file udp.c, a function named udp_sendmsg has a code like this:

        /* Lockless fast path for the non-corking case. */
        if (!corkreq) {
                skb = ip_make_skb(sk, fl4, getfrag, msg, ulen,
                                  sizeof(struct udphdr), &ipc, &rt,
                                  msg->msg_flags);
                err = PTR_ERR(skb);
                if (!IS_ERR_OR_NULL(skb))
                        err = udp_send_skb(skb, fl4);
                goto out;
        }

but function ip_make_skb may return a null, then err will be set to 0;and out
like this:

out:
        ip_rt_put(rt);
        if (free)
                kfree(ipc.opt);
        if (!err)
                return len;  // return a positive value

actually, because lock of kernel memory or socket_buffer,the ip_make_skb failed
means the send operation failed. but a positive value is returnd here.
finnally, users regard the operation was success, but actually it failed in
kernel.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ