Re: [PATCH] getsockopt() early argument sanity checking

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Willy Tarreau <w@1wt.eu>
To: Michael Buesch <mb@bu3sch.de>
Cc: Solar Designer <solar@openwall.com>,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH] getsockopt() early argument sanity checking
Date: Sun, 20 Aug 2006 02:43:07 +0200	[thread overview]
Message-ID: <20060820004307.GD27115@1wt.eu> (raw)
In-Reply-To: <200608200205.20876.mb@bu3sch.de>

On Sun, Aug 20, 2006 at 02:05:20AM +0200, Michael Buesch wrote:
> On Sunday 20 August 2006 01:48, Willy Tarreau wrote:
> > On Sun, Aug 20, 2006 at 03:05:32AM +0400, Solar Designer wrote:
> > > Willy,
> > > 
> > > I propose the attached patch (extracted from 2.4.33-ow1) for inclusion
> > > into 2.4.34-pre.
> > > 
> > > (2.6 kernels could benefit from the same change, too, but at the moment
> > > I am dealing with proper submission of generic changes like this that
> > > are a part of 2.4.33-ow1.)
> > > 
> > > The patch makes getsockopt(2) sanity-check the value pointed to by
> > > the optlen argument early on.  This is a security hardening measure
> > > intended to prevent exploitation of certain potential vulnerabilities in
> > > socket type specific getsockopt() code on UP systems.
> > > 
> > > This change has been a part of -ow patches for some years.
> > 
> > looks valid to me, merged.
> 
> Not to me. It heavily violates codingstyle and screws brains
                ^^^^^^^
little exageration detected here.

> with the non-indented else branches.

while they surprized me first, they make the *patch* more readable
by clearly showing what has been inserted and where. However, I have
joined the lines for the merge.

> Learn about goto.

definitely not here. The if() expressions are all one-liners. Adding
a goto would mean two instructions, to which you add 2 braces. It will
not make the code more readable. Patch below is OK. If you have a hard
time understanding it, then it's because it's bedtime for you too :-)

Regards,
Willy


diff --git a/net/socket.c b/net/socket.c
index ac45b13..910ef88 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1307,11 +1307,17 @@ asmlinkage long sys_setsockopt(int fd, i
 asmlinkage long sys_getsockopt(int fd, int level, int optname, char *optval, int *optlen)
 {
 	int err;
+	int len;
 	struct socket *sock;
 
 	if ((sock = sockfd_lookup(fd, &err))!=NULL)
 	{
-		if (level == SOL_SOCKET)
+		/* XXX: insufficient for SMP, but should be redundant anyway */
+		if (get_user(len, optlen))
+			err = -EFAULT;
+		else if (len < 0)
+			err = -EINVAL;
+		else if (level == SOL_SOCKET)
 			err=sock_getsockopt(sock,level,optname,optval,optlen);
 		else
 			err=sock->ops->getsockopt(sock, level, optname, optval, optlen);
-- 
1.4.1

next prev parent reply	other threads:[~2006-08-20  0:43 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-08-19 23:05 [PATCH] getsockopt() early argument sanity checking Solar Designer
2006-08-19 23:48 ` Willy Tarreau
2006-08-20  0:05   ` Michael Buesch
2006-08-20  0:43     ` Willy Tarreau [this message]
2006-08-20 19:44       ` David Miller
2006-08-20 20:35         ` Willy Tarreau
2006-08-20 21:12           ` Arjan van de Ven
2006-08-21 12:09       ` Eugene Teo
2006-08-20  8:34 ` Andi Kleen
2006-08-20 10:15   ` Willy Tarreau
2006-08-20 10:50     ` YOSHIFUJI Hideaki / 吉藤英明
2006-08-20 19:46     ` David Miller
2006-08-20 16:16   ` Solar Designer
2006-08-20 16:30     ` Arjan van de Ven
2006-08-20 19:47       ` David Miller
2006-08-20 18:38     ` Andi Kleen
2006-08-20 19:45       ` Solar Designer
2006-08-20 19:45   ` David Miller
2006-08-20 18:15 ` Alan Cox
2006-08-21  3:00 ` David Wagner
2006-08-21  8:24   ` Solar Designer
  -- strict thread matches above, loose matches on Subject: below --
2006-08-20 18:57 Manfred Spraul

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ac45b13 dfblob:910ef88 )
 OR (
bs:"Re: [PATCH] getsockopt() early argument sanity checking" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060820004307.GD27115@1wt.eu \
    --to=w@1wt.eu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mb@bu3sch.de \
    --cc=netdev@vger.kernel.org \
    --cc=solar@openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.