This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



Re: CMSG_FIRSTHDR() and CMSG_NXTHDR()


YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@wide.ad.jp> writes:

> Hi,
> 
> CMSG_NXTHDR() in glibc-2.2.x ignores last ancillary data.  
> Here's the fix.

 I sent in a patch for the second test below a while ago (Message-ID:
<nny9uufcvs.fsf@code.and.org>) and thought about the first test (the
one you are supplying a patch for) but I couldn't think of how a
cmsghdr could only be the size of a cmsghdr?

 The header itself only contains:

length
level
type

...surely you have to add something to that for it to be useful?

 My guess would be that either something is going wrong somewhere
else and chopping the end of your data off, or you are running against
an older version of libc that doesn't have the second check converted
from a >= to > (the last line of context in your patch).

 Either way I don't think there is a bug in glibc currently.

> USAGI CVS Branch: b2_2_3-FIX_20010512
> 
> Index: sysdeps/unix/sysv/linux/cmsg_nxthdr.c
> ===================================================================
> RCS file: /cvsroot/usagi/usagi/libc/glibc22/sysdeps/unix/sysv/linux/cmsg_nxthdr.c,v
> retrieving revision 1.1.1.2
> retrieving revision 1.1.1.2.2.1
> diff -u -r1.1.1.2 -r1.1.1.2.2.1
> --- sysdeps/unix/sysv/linux/cmsg_nxthdr.c	2001/04/30 16:42:10	1.1.1.2
> +++ sysdeps/unix/sysv/linux/cmsg_nxthdr.c	2001/05/11 15:59:02	1.1.1.2.2.1
> @@ -29,7 +29,7 @@
>  
>    cmsg = (struct cmsghdr *) ((unsigned char *) cmsg
>  			     + CMSG_ALIGN (cmsg->cmsg_len));
> -  if ((unsigned char *) (cmsg + 1) >= ((unsigned char *) mhdr->msg_control
> +  if ((unsigned char *) (cmsg + 1) > ((unsigned char *) mhdr->msg_control
>  				       + mhdr->msg_controllen)
>        || ((unsigned char *) cmsg + CMSG_ALIGN (cmsg->cmsg_len)
>  	  > ((unsigned char *) mhdr->msg_control + mhdr->msg_controllen)))
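
Review bot: The changed `(cmsg + 1) >` comparison needs a comment naming the one case it newly accepts: a header that ends exactly at `mhdr->msg_control + mhdr->msg_controllen`, that is, a final cmsghdr with no data after it. Every other layout is already decided by the second test, which uses `>` on the aligned length, so without that comment the two tests look redundant. Both tests also build a pointer from `cmsg->cmsg_len` as read out of the buffer (`cmsg + CMSG_ALIGN (cmsg->cmsg_len)`) before comparing it with the end of the control area, so a very large length can wrap the addition; comparing the remaining byte count against the length would avoid that.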

[snip ... ]

-- 
# James Antill -- james@and.org
:0:
* ^From: .*james@and\.org
/dev/null
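
The boundary case discussed in this message, as an added example (not glibc code and not written by either poster): a length-based walk over a constructed control buffer whose final cmsghdr has no payload and ends exactly at the end of the buffer, run with both the `>=` and the `>` form of the first test. `ALIGN_UP`, `next_off` and `count_msgs` are hypothetical names, and the alignment is assumed to match glibc's CMSG_ALIGN.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Assumption: rounds like glibc's CMSG_ALIGN (up to a multiple of sizeof(size_t)). */
#define ALIGN_UP(n) (((n) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))

/* Hypothetical helper: offset of the header after the one at `off`, or 0.
   `strict` selects the pre-patch ">=" test. Compares byte counts, not pointers. */
static size_t next_off(const unsigned char *ctl, size_t ctl_len, size_t off, int strict)
{
    struct cmsghdr h;
    size_t next, left;
    memcpy(&h, ctl + off, sizeof h);
    if (h.cmsg_len < sizeof h || h.cmsg_len > ctl_len - off)
        return 0;                       /* current message is malformed */
    next = off + ALIGN_UP(h.cmsg_len);
    if (next > ctl_len) return 0;       /* padding of current message overruns */
    left = ctl_len - next;
    if (strict ? left <= sizeof h : left < sizeof h)
        return 0;                       /* first test: does a header fit? */
    memcpy(&h, ctl + next, sizeof h);
    if (h.cmsg_len < sizeof h || h.cmsg_len > left || ALIGN_UP(h.cmsg_len) > left)
        return 0;                       /* second test: does its data fit? */
    return next;
}

/* Constructed sample: an int-payload message, then a header claiming
   `last_len` bytes that sits exactly at the end of the control buffer. */
static size_t count_msgs(int strict, size_t last_len)
{
    unsigned char ctl[ALIGN_UP(sizeof(struct cmsghdr) + sizeof(int)) + sizeof(struct cmsghdr)] = {0};
    struct cmsghdr h;
    size_t off = 0, n = 1;              /* the first header is always counted */
    memset(&h, 0, sizeof h);
    h.cmsg_len = sizeof h + sizeof(int);
    memcpy(ctl, &h, sizeof h);
    h.cmsg_len = last_len;
    memcpy(ctl + sizeof ctl - sizeof h, &h, sizeof h);
    while ((off = next_off(ctl, sizeof ctl, off, strict)) != 0)
        n++;
    return n;
}

int main(void)
{
    size_t hl = sizeof(struct cmsghdr);
    printf(">= form: %zu, > form: %zu\n", count_msgs(1, hl), count_msgs(0, hl));
    return 0;
}
```

The two forms differ only for the header-only final message; a final header that claims data beyond the end of the buffer is rejected under either form.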
