Re: [FIX NETLINK] properly check arguments to netlink_bind()

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: David Miller <davem@...>

To: <holger@...>

Cc: <netdev@...>

Subject: Re: [FIX NETLINK] properly check arguments to netlink_bind()

Date: Tuesday, September 18, 2007 - 5:53 pm

From: Holger Eitzenberger <holger@my-eitzenberger.de>
Date: Tue, 18 Sep 2007 23:05:52 +0200

quoted text> Holger Eitzenberger <holger@my-eitzenberger.de> writes:
> 
> > while going through going netlink code I found out that netlink_bind()
> > does not properly check bind parameters.  I checked both 2.6.23-rc1 as
> > well as 2.6.16.53, both are affected.
> >
> > With a small test prog I wasn't able to crash my maschine though, but
> > data was accessed out of bounds.
> 
> See my attached patch, thanks.

Your patch is incorrect and also unnecessary.

Firstly, you patch compares the address _pointer_ against
the minimum length.  That's obviously wrong.

And if you check the call sites of the protocol ->bind() methods, they
all use on-stack buffer for the address object which is at least
MAX_SOCK_ADDR bytes in length so that the bind methods don't have to
check the size if they don't want to.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[FIX NETLINK] properly check arguments to netlink_bind(), Holger Eitzenberger, (Tue Sep 18, 5:01 pm)

Re: [FIX NETLINK] properly check arguments to netlink_bind(), Holger Eitzenberger, (Tue Sep 18, 5:05 pm)

Re: [FIX NETLINK] properly check arguments to netlink_bind(), David Miller, (Tue Sep 18, 5:53 pm)

Re: [FIX NETLINK] properly check arguments to netlink_bind(), Holger Eitzenberger, (Wed Sep 19, 3:16 am)

Re: [FIX NETLINK] properly check arguments to netlink_bind(), Holger Eitzenberger, (Tue Sep 18, 5:14 pm)

Navigation

Popular discussions


linux-kernel:
David Miller	Re: Slow DOWN, please!!!
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Greg KH	Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Josip Rodin	bnx2_poll panicking kernel
David Miller	[GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
openbsd-misc:

Colocation donated by:

Online users

Syndicate