This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: recvmsg bug
- To: Zack Weinberg <zack@rabi.phys.columbia.edu>
- Subject: Re: recvmsg bug
- From: Thorsten Kukuk <kukuk@weber-eb.uni-paderborn.de>
- Date: Sat, 1 Aug 1998 09:52:38 +0200
- Cc: libc-hacker@cygnus.com
- References: <199808010642.CAA24607@rabi.phys.columbia.edu>
- Reply-To: kukuk@weber-eb.uni-paderborn.de
On Sam, 01 Aug 1998, Zack Weinberg wrote:
>>>I'm confused. The space check does need to go first, because we need
>>>enough space for the user-side cmcred struct. If there isn't enough,
>>>it's wrong to make the syscall anyway - data could be lost that way.
>>
>>We don't need this check, because we wouldn't do it, too, if we don't
>>have to copy the struct. We have no syscall wrapper only for
>>checking, if the user calls the syscall with a big enough buffer.
>>And the user supplied buffer should be big enough, since the he
>>expect a bigger result struct then the kernel supplies.
>
>Normal syscalls don't need checks in the wrapper because the kernel
>does it. If an old program calls recvmsg() set up for the old
>Linux-specific SCM_CREDS structure and we don't check the buffer size,
>we'll stomp memory.
That is, what I wrote in the first mail: We need to check the buffer size, but
after the syscall. Before the syscall, there is no way to get the needed
buffer size.
Maybe we should use both, SCM_CREDENTIALS, for the old programs, and SCM_CRED
with a new id for newer programs ? We only need to copy the data and change
SCM_CREDENTIALS to SCM_CRED. But with old programs, you never know,
if they expect the kernel ucred, or the version with the bigger glibc types, or
the new SCM_CRED struct.
>>In recvmsg, you check, if the SCM_CRED tag and the length fields are
>>set. But they couldn't be set. We receive the data from the kernel,
>>not send them. We get from the user a pointer to a memory block. This
>>memory block is uninitialized, the data in the length field could be
>>much greater, then we hav e memory allocated. So you read memory,
>>which isn't owned by us, and there is the seg.fault.
>
>Maybe I don't know how recvmsg works. I thought that you had to
>initialize the cmsghdr part of the memory block at least, so that the
>kernel knew what you were expecting.
No, you don't need to initialize the cmsghdr part. You have one recvmsg, and
one sendmsg. The kernel only copies the data from the sendmsg call to the
recvmsg call and checks, if the data is valid (uid/gid/pid etc.).
--
Thorsten Kukuk kukuk@vt.uni-paderborn.de
http://www-vt.uni-paderborn.de/~kukuk
Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.