Date: Mon, 05 Mar 2018 11:10:03 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: christophebeauval@hotmail.com Cc: freebsd-standards@freebsd.org Subject: Re: Libc getnameinfo length requirement Message-ID: <20180305.111003.2235120030223011766.hrs@allbsd.org> In-Reply-To: <VI1PR0402MB3711C2331551B00ABF42B674A2C50@VI1PR0402MB3711.eurprd04.prod.outlook.com> References: <VI1PR0402MB371177DFA52E8CC936FCDD00A2C60@VI1PR0402MB3711.eurprd04.prod.outlook.com> <20180302.111804.1733124916347516747.hrs@allbsd.org> <VI1PR0402MB3711C2331551B00ABF42B674A2C50@VI1PR0402MB3711.eurprd04.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart0(Mon_Mar__5_11_10_03_2018_045)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Mon_Mar__5_11_10_03_2018_772)--" Content-Transfer-Encoding: 7bit ----Next_Part(Mon_Mar__5_11_10_03_2018_772)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Christophe Beauval <christophebeauval@hotmail.com> wrote in <VI1PR0402MB3711C2331551B00ABF42B674A2C50@VI1PR0402MB3711.eurprd04.prod.outlook.com>: ch> Hello ch> ch> There is a typo in the comment: RFC 4018 is mentioned, this should be 4038. ch> ch> There is also a problem with relying on the sa->sa_len presence and sort ch> of undoing two earlier patches from 17th April 2005, where according to ch> the commit comment, sa->sa_len is not required by POSIX: ch> https://github.com/freebsd/freebsd/commit/90a7ec34ec2cf5e36aeb76ff35c656f880659274#diff-25ee506a989a23ae5d8904e113aa66d7 ch> and ch> https://github.com/freebsd/freebsd/commit/ba35b6aa7602967dbfeb53dc1e32ba1868bd3e98#diff-25ee506a989a23ae5d8904e113aa66d7 ch> . Thank you for the review. A revised patch to eliminate sa_len dependency and fix a typo is attached. It now accepts sizeof(struct sockaddr_storage) at a maximum and rejects only too short length depending on sa->sa_family. -- Hiroki ----Next_Part(Mon_Mar__5_11_10_03_2018_772)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="getnameinfo.c.20180305-1.diff" Index: net/getnameinfo.c =================================================================== --- net/getnameinfo.c (revision 330374) +++ net/getnameinfo.c (working copy) @@ -124,26 +124,36 @@ afd = find_afd(sa->sa_family); if (afd == NULL) return (EAI_FAMILY); + /* + * getnameinfo() accepts an salen of sizeof(struct sockaddr_storage) + * at maximum as shown in RFC 4038 Sec.6.2.3. + */ + if (salen > sizeof(struct sockaddr_storage)) + return (EAI_FAMILY); + switch (sa->sa_family) { case PF_LOCAL: /* - * PF_LOCAL uses variable sa->sa_len depending on the + * PF_LOCAL uses variable salen depending on the * content length of sun_path. Require 1 byte in * sun_path at least. */ - if (salen > afd->a_socklen || - salen <= afd->a_socklen - + if (salen <= afd->a_socklen - sizeofmember(struct sockaddr_un, sun_path)) - return (EAI_FAIL); + return (EAI_FAMILY); + else if (salen > afd->a_socklen) + salen = afd->a_socklen; break; case PF_LINK: if (salen <= afd->a_socklen - sizeofmember(struct sockaddr_dl, sdl_data)) - return (EAI_FAIL); + return (EAI_FAMILY); break; default: - if (salen != afd->a_socklen) - return (EAI_FAIL); + if (salen < afd->a_socklen) + return (EAI_FAMILY); + else + salen = afd->a_socklen; break; } @@ -517,7 +527,7 @@ if (serv != NULL && servlen > 0) *serv = '\0'; if (host != NULL && hostlen > 0) { - pathlen = sa->sa_len - afd->a_off; + pathlen = salen - afd->a_off; if (pathlen + 1 > hostlen) { *host = '\0'; ----Next_Part(Mon_Mar__5_11_10_03_2018_772)---- ----Security_Multipart0(Mon_Mar__5_11_10_03_2018_045)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iEYEABECAAYFAlqcpvsACgkQTyzT2CeTzy23OwCfdadKyIxwsOhNZ5XW9Go0Kzhn YjsAni8m4GmF2dI0F33frvO/jJEh0Rib =5cqt -----END PGP SIGNATURE----- ----Security_Multipart0(Mon_Mar__5_11_10_03_2018_045)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180305.111003.2235120030223011766.hrs>