This is the mail archive of the mailing list for the glibc project.

Re: [PATCH,HURD] hurdsock: reject negative domains


On Mon, 21 Nov 2011 22:23:26 +0100, Pino Toscano <> wrote:
> Reject negative socket domains right away; otherwise, it is possible to read
> and set out-of-bounds locations of the `servers' array (returning the values
> at those invalid memory locations), and even try to deallocate ports with
> random values if the `dead' parameter is different than zero.
> 2011-11-21  Pino Toscano  <>
> 	* hurd/hurdsock.c (_hurd_socket_server): Check for negative domains,
> 	and reject them.
> --- a/hurd/hurdsock.c
> +++ b/hurd/hurdsock.c
> @@ -47,6 +47,12 @@ _hurd_socket_server (int domain, int dea
>  {
>    socket_t server;
> +  if (domain < 0)
> +    {
> +      errno = EAFNOSUPPORT;
> +      return MACH_PORT_NULL;
> +    }
> +
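Review bot: the new `if (domain < 0)` guard at the top of `_hurd_socket_server` has no comment tying it to the `servers` array index that the commit message gives as its reason; a one-line comment saying that `domain` indexes `servers` and negative values are out of bounds would document it. The guard covers only the lower bound, and the visible context does not show how an overly large positive `domain` is handled, so that path is worth confirming too. It also sets `EAFNOSUPPORT`, so the errno that `socket` and `socketpair` should report for a negative domain needs to be agreed before this goes in.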

Thanks; the issue is valid, but we may want to fix it differently:
_hurd_socket_server is an internal function, and internally we should
always know what we're doing: that is, should only be calling it with
valid data, such as the PF_* constants -- which is done in all places but
socket and socketpair, which happen to be external interfaces.  Should
instead in these two functions the domain parameter be checked for
validity (and negative ones refused with EINVAL)?  Roland?
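
The two placements discussed in this thread, side by side, as an added example that is not part of the original message or of glibc. All `demo_*` names, the fixed table size, the upper-bound check and the fake port values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-ins; the real hurd/hurdsock.c layout is not on the page. */
#define DEMO_MAX_DOMAIN 8            /* assumed fixed table size */
#define DEMO_PORT_NULL 0u
typedef unsigned int demo_port_t;

static demo_port_t demo_servers[DEMO_MAX_DOMAIN + 1];

/* Internal lookup, indexed by domain. The guard here mirrors the patch:
   an out-of-range index is refused with EAFNOSUPPORT before the array
   is touched. The upper bound is an assumption of this fixed-size demo. */
static demo_port_t demo_socket_server(int domain)
{
    if (domain < 0 || domain > DEMO_MAX_DOMAIN) {
        errno = EAFNOSUPPORT;
        return DEMO_PORT_NULL;
    }
    if (demo_servers[domain] == DEMO_PORT_NULL)
        demo_servers[domain] = 100u + (demo_port_t)domain; /* fake server port */
    return demo_servers[domain];
}

/* External entry point, mirroring the reply: caller-supplied input is
   validated at the API boundary and a negative domain gets EINVAL. */
static int demo_socket(int domain)
{
    demo_port_t server;

    if (domain < 0) {
        errno = EINVAL;
        return -1;
    }
    server = demo_socket_server(domain);
    return server == DEMO_PORT_NULL ? -1 : (int)server;
}

int main(void)
{
    int inputs[] = { -1, 2, DEMO_MAX_DOMAIN + 1 };   /* constructed inputs */
    for (int i = 0; i < 3; i++) {
        errno = 0;
        int r = demo_socket(inputs[i]);
        printf("domain=%d -> %d (errno=%d)\n", inputs[i], r, errno);
    }
    return 0;
}
```

With both checks in place, the errno a caller sees depends on which layer rejects the value first, which is the interface question the reply raises.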

