Bug 1254 - getpeername(fd,NULL,&len) crashes even if len==0
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: hurd
Version: 2.3.5
Importance: P2 normal
Target Milestone: ---
Assignee: Roland McGrath
URL:
Keywords:
Depends on:
Blocks: libc236
Reported: 2005-08-26 23:08 UTC by Thomas Schwinge
Modified: 2018-04-19 14:49 UTC

See Also:
Host: i586-pc-gnu
Target: i586-pc-gnu
Build: i586-pc-gnu
Last reconfirmed:
fweimer: security-


Attachments
Updated patch, not tested yet (529 bytes, patch)
2005-10-17 22:59 UTC, Samuel Thibault
Grrmbl, sorry, here is the real corrected patch. Not tested either (546 bytes, patch)
2005-10-17 23:00 UTC, Samuel Thibault

Description Thomas Schwinge 2005-08-26 23:08:59 UTC
#v+
2005-08-11  Samuel Thibault <samuel.thibault@ens-lyon.org>

	* sysdeps/mach/hurd/getpeername.c (__getpeername): Check length
	of buffer before writing the sa_family member.
#v-

http://sources.redhat.com/ml/libc-alpha/2005-08/msg00030.html

Needs to be fixed on HEAD and glibc-2_3-branch.
Comment 1 Sourceware Commits 2005-10-16 10:09:32 UTC
Subject: Bug 1254

CVSROOT:	/cvs/glibc
Module name:	libc
Changes by:	roland@sources.redhat.com	2005-10-16 10:09:30

Modified files:
	sysdeps/mach/hurd: getpeername.c 

Log message:
	2005-10-16  Roland McGrath  <roland@frob.com>
	
	[BZ #1254]
	* sysdeps/mach/hurd/getpeername.c (__getpeername): Respect *LEN
	byte limit when setting ADDR->sa_family.
	Reported by Samuel Thibault <samuel.thibault@ens-lyon.org>.

Patches:
http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sysdeps/mach/hurd/getpeername.c.diff?cvsroot=glibc&r1=1.11&r2=1.12

Comment 2 Roland McGrath 2005-10-16 10:10:14 UTC
I checked in a different change.  Please verify that it works right and then
I'll put it on the 2.3 branch as well.
Comment 3 Samuel Thibault 2005-10-17 22:57:28 UTC
Hi, it doesn't work, because the af_family is not the first of the structure (there is af_len too), so that in getpeername(fd, NULL, 0), *len - offsetof(struct sockaddr, sa_family) becomes negative.
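
The length check discussed in comment 3, as an added example that is not glibc's code and not either attached patch: it contrasts a guard that subtracts the field offset from the caller's length with one that compares the length against the end of the field. `struct demo_sockaddr`, `fill_peer_addr` and both guard functions are hypothetical names, and the example assumes lengths are unsigned (`size_t`).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a sockaddr layout in which a length byte
   precedes the family field, as comment 3 describes. Not glibc's type. */
struct demo_sockaddr { uint8_t sa_len; uint8_t sa_family; char sa_data[14]; };

#define FAMILY_OFF offsetof(struct demo_sockaddr, sa_family)
#define FAMILY_END (FAMILY_OFF + sizeof(uint8_t))

/* Guard built on a subtraction. Lengths are unsigned here (assumption), so
   for len < FAMILY_OFF the difference wraps to a huge value and passes. */
static int guard_by_subtraction(size_t len)
{
    return len - FAMILY_OFF >= sizeof(uint8_t);
}

/* Guard without subtraction: the field fits only if len reaches its end. */
static int guard_by_end_offset(size_t len)
{
    return len >= FAMILY_END;
}

/* Hypothetical helper: copy at most *len bytes of src to dst, set the family
   only when the caller's buffer covers that field, report the full size in
   *len. Returns 1 if written, 0 if not, -1 for NULL dst with non-zero *len. */
static int fill_peer_addr(void *dst, size_t *len,
                          const struct demo_sockaddr *src, uint8_t family)
{
    size_t n = *len < sizeof *src ? *len : sizeof *src;

    if (dst == NULL && n > 0)
        return -1;
    if (n > 0)
        memcpy(dst, src, n);
    *len = sizeof *src;
    if (!guard_by_end_offset(n))
        return 0;
    ((uint8_t *)dst)[FAMILY_OFF] = family;
    return 1;
}

int main(void)
{
    struct demo_sockaddr src = { (uint8_t)sizeof src, 0, "peer" };
    size_t len = 0;   /* the getpeername(fd, NULL, &len) shape with len == 0 */
    return fill_peer_addr(NULL, &len, &src, 2) == 0 && guard_by_subtraction(0) ? 0 : 1;
}
```
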
Comment 4 Samuel Thibault 2005-10-17 22:59:11 UTC
Created attachment 717
Updated patch, not tested yet
Comment 5 Samuel Thibault 2005-10-17 23:00:22 UTC
Created attachment 718
Grrmbl, sorry, here is the real corrected patch. Not tested either
Comment 6 Samuel Thibault 2005-10-18 18:25:33 UTC
That last patch does work as expected. 
Comment 7 Sourceware Commits 2005-10-23 00:46:39 UTC
Subject: Bug 1254

CVSROOT:	/cvs/glibc
Module name:	libc
Changes by:	roland@sources.redhat.com	2005-10-23 00:46:36

Modified files:
	sysdeps/mach/hurd: getpeername.c 

Log message:
	2005-10-22  Roland McGrath  <roland@redhat.com>
	
	[BZ #1254]
	* sysdeps/mach/hurd/getpeername.c (__getpeername): Fix last change.
	From Samuel Thibault <samuel.thibault@ens-lyon.org>.

Patches:
http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sysdeps/mach/hurd/getpeername.c.diff?cvsroot=glibc&r1=1.12&r2=1.13

Comment 8 Sourceware Commits 2005-10-23 00:53:27 UTC
Subject: Bug 1254

CVSROOT:	/cvs/glibc
Module name:	libc
Branch: 	glibc-2_3-branch
Changes by:	roland@sources.redhat.com	2005-10-23 00:53:24

Modified files:
	sysdeps/mach/hurd: getpeername.c 

Log message:
	2005-10-22  Roland McGrath  <roland@frob.com>
	
	[BZ #1254]
	* sysdeps/mach/hurd/getpeername.c (__getpeername): Fix last change.
	From Samuel Thibault <samuel.thibault@ens-lyon.org>.
	2005-10-16  Roland McGrath  <roland@frob.com>
	
	[BZ #1254]
	* sysdeps/mach/hurd/getpeername.c (__getpeername): Respect *LEN
	byte limit when setting ADDR->sa_family.
	Reported by Samuel Thibault <samuel.thibault@ens-lyon.org>.

Patches:
http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sysdeps/mach/hurd/getpeername.c.diff?cvsroot=glibc&only_with_tag=glibc-2_3-branch&r1=1.11&r2=1.11.6.1

Comment 9 Roland McGrath 2005-10-23 00:57:30 UTC
Thanks for the braino fix.  It's in on both branches.
Please verify that everything is good.
Comment 10 Samuel Thibault 2005-10-23 19:15:10 UTC
Seems good, thanks!