[PATCH] linux: Check for null value msghdr struct before use

public inbox for libc-alpha@sourceware.org
 help / color / mirror / Atom feed

* [PATCH] linux: Check for null value msghdr struct before use
@ 2021-07-02 20:28 Khem Raj
  2021-07-05 17:51 ` Adhemerval Zanella
  0 siblings, 1 reply; 3+ messages in thread
From: Khem Raj @ 2021-07-02 20:28 UTC (permalink / raw)
  To: libc-alpha

This avoids crashes in libc when cmsg is null and refrencing msg
structure when it is null

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 sysdeps/unix/sysv/linux/convert_scm_timestamps.c | 2 ++
 sysdeps/unix/sysv/linux/recvmsg.c                | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
index d75a4618dd6..5af71847f57 100644
--- a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
+++ b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
@@ -87,6 +87,8 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
 
   msg->msg_controllen += CMSG_SPACE (sizeof tvts);
   cmsg = CMSG_NXTHDR(msg, last);
+  if (cmsg == NULL)
+    return;
   cmsg->cmsg_level = SOL_SOCKET;
   cmsg->cmsg_type = type;
   cmsg->cmsg_len = CMSG_LEN (sizeof tvts);
diff --git a/sysdeps/unix/sysv/linux/recvmsg.c b/sysdeps/unix/sysv/linux/recvmsg.c
index a2a600228ba..19c49e2a85c 100644
--- a/sysdeps/unix/sysv/linux/recvmsg.c
+++ b/sysdeps/unix/sysv/linux/recvmsg.c
@@ -25,7 +25,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 {
   ssize_t r;
 #ifndef __ASSUME_TIME64_SYSCALLS
-  socklen_t orig_controllen = msg->msg_controllen;
+  socklen_t orig_controllen = (msg) ? msg->msg_controllen : 0;
 #endif
 
 #ifdef __ASSUME_RECVMSG_SYSCALL
@@ -35,7 +35,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 #endif
 
 #ifndef __ASSUME_TIME64_SYSCALLS
-  if (r >= 0)
+  if (r >= 0 && orig_controllen)
     __convert_scm_timestamps (msg, orig_controllen);
 #endif
 
-- 
2.32.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] linux: Check for null value msghdr struct before use
  2021-07-02 20:28 [PATCH] linux: Check for null value msghdr struct before use Khem Raj
@ 2021-07-05 17:51 ` Adhemerval Zanella
  2021-07-06 16:22   ` Khem Raj
  0 siblings, 1 reply; 3+ messages in thread
From: Adhemerval Zanella @ 2021-07-05 17:51 UTC (permalink / raw)
  To: Khem Raj, libc-alpha



On 02/07/2021 17:28, Khem Raj wrote:
> This avoids crashes in libc when cmsg is null and refrencing msg

s/refrencing/referencing

> structure when it is null
> 
> Signed-off-by: Khem Raj <raj.khem@gmail.com>

Patch looks ok just some nits below, thank for catching it.  
I will commit it shortly for you.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

> ---
>  sysdeps/unix/sysv/linux/convert_scm_timestamps.c | 2 ++
>  sysdeps/unix/sysv/linux/recvmsg.c                | 4 ++--
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
> index d75a4618dd6..5af71847f57 100644
> --- a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
> +++ b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
> @@ -87,6 +87,8 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
>  
>    msg->msg_controllen += CMSG_SPACE (sizeof tvts);
>    cmsg = CMSG_NXTHDR(msg, last);
> +  if (cmsg == NULL)
> +    return;
>    cmsg->cmsg_level = SOL_SOCKET;
>    cmsg->cmsg_type = type;
>    cmsg->cmsg_len = CMSG_LEN (sizeof tvts);
> diff --git a/sysdeps/unix/sysv/linux/recvmsg.c b/sysdeps/unix/sysv/linux/recvmsg.c
> index a2a600228ba..19c49e2a85c 100644
> --- a/sysdeps/unix/sysv/linux/recvmsg.c
> +++ b/sysdeps/unix/sysv/linux/recvmsg.c
> @@ -25,7 +25,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
>  {
>    ssize_t r;
>  #ifndef __ASSUME_TIME64_SYSCALLS
> -  socklen_t orig_controllen = msg->msg_controllen;
> +  socklen_t orig_controllen = (msg) ? msg->msg_controllen : 0;
>  #endif
>  

No implicit checks.

>  #ifdef __ASSUME_RECVMSG_SYSCALL
> @@ -35,7 +35,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
>  #endif
>  
>  #ifndef __ASSUME_TIME64_SYSCALLS
> -  if (r >= 0)
> +  if (r >= 0 && orig_controllen)
>      __convert_scm_timestamps (msg, orig_controllen);
>  #endif
>  
> 

Same as before.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] linux: Check for null value msghdr struct before use
  2021-07-05 17:51 ` Adhemerval Zanella
@ 2021-07-06 16:22   ` Khem Raj
  0 siblings, 0 replies; 3+ messages in thread
From: Khem Raj @ 2021-07-06 16:22 UTC (permalink / raw)
  To: Adhemerval Zanella; +Cc: GNU C Library

On Mon, Jul 5, 2021 at 10:51 AM Adhemerval Zanella
<adhemerval.zanella@linaro.org> wrote:
>
>
>
> On 02/07/2021 17:28, Khem Raj wrote:
> > This avoids crashes in libc when cmsg is null and refrencing msg
>
> s/refrencing/referencing
>
> > structure when it is null
> >
> > Signed-off-by: Khem Raj <raj.khem@gmail.com>
>
> Patch looks ok just some nits below, thank for catching it.
> I will commit it shortly for you.

Thank you Adhemerval

>
> Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
>
> > ---
> >  sysdeps/unix/sysv/linux/convert_scm_timestamps.c | 2 ++
> >  sysdeps/unix/sysv/linux/recvmsg.c                | 4 ++--
> >  2 files changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
> > index d75a4618dd6..5af71847f57 100644
> > --- a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
> > +++ b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
> > @@ -87,6 +87,8 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
> >
> >    msg->msg_controllen += CMSG_SPACE (sizeof tvts);
> >    cmsg = CMSG_NXTHDR(msg, last);
> > +  if (cmsg == NULL)
> > +    return;
> >    cmsg->cmsg_level = SOL_SOCKET;
> >    cmsg->cmsg_type = type;
> >    cmsg->cmsg_len = CMSG_LEN (sizeof tvts);
> > diff --git a/sysdeps/unix/sysv/linux/recvmsg.c b/sysdeps/unix/sysv/linux/recvmsg.c
> > index a2a600228ba..19c49e2a85c 100644
> > --- a/sysdeps/unix/sysv/linux/recvmsg.c
> > +++ b/sysdeps/unix/sysv/linux/recvmsg.c
> > @@ -25,7 +25,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
> >  {
> >    ssize_t r;
> >  #ifndef __ASSUME_TIME64_SYSCALLS
> > -  socklen_t orig_controllen = msg->msg_controllen;
> > +  socklen_t orig_controllen = (msg) ? msg->msg_controllen : 0;
> >  #endif
> >
>
> No implicit checks.
>
> >  #ifdef __ASSUME_RECVMSG_SYSCALL
> > @@ -35,7 +35,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
> >  #endif
> >
> >  #ifndef __ASSUME_TIME64_SYSCALLS
> > -  if (r >= 0)
> > +  if (r >= 0 && orig_controllen)
> >      __convert_scm_timestamps (msg, orig_controllen);
> >  #endif
> >
> >
>
> Same as before.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-07-06 16:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-02 20:28 [PATCH] linux: Check for null value msghdr struct before use Khem Raj
2021-07-05 17:51 ` Adhemerval Zanella
2021-07-06 16:22   ` Khem Raj

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).