[PATCH] IPv6: Fix the data length of get destination options with short length

[PATCH] IPv6: Fix the data length of get destination options with short length

[Yang Hongyang]

  If get destination options with length which is not enough for that
option,getsockopt() will still return the real length of the option,
which is larger then the buffer space.
  This is because ipv6_getsockopt_sticky() returns the real length of
the option.

This patch fix this problem.

Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com>

--- net/ipv6/ipv6_sockglue.c	2008-05-28 09:17:14.000000000 +0800
+++ net/ipv6/ipv6_sockglue.c	2008-05-28 12:41:01.000000000 +0800
@@ -832,7 +832,7 @@ static int ipv6_getsockopt_sticky(struct
 	len = min_t(unsigned int, len, ipv6_optlen(hdr));
 	if (copy_to_user(optval, hdr, len))
 		return -EFAULT;
-	return ipv6_optlen(hdr);
+	return len;
 }

---------
2.6.26-rc4 

Re: [PATCH] IPv6: Fix the data length of get destination options with short length

[Wang Chen]

Yang Hongyang said the following on 2008-5-28 14:49:
> @@ -832,7 +832,7 @@ static int ipv6_getsockopt_sticky(struct
>     len = min_t(unsigned int, len, ipv6_optlen(hdr));
>     if (copy_to_user(optval, hdr, len))
>         return -EFAULT;
> -    return ipv6_optlen(hdr);
> +    return len;
> }
> 

Yang, your mail client broke tabs to blanks.
Please resubmit.

Re: [PATCH] IPv6: Fix the data length of get destination options with short length

[Yang Hongyang]

Wang Chen wrote:
> Yang Hongyang said the following on 2008-5-28 14:49:
>> @@ -832,7 +832,7 @@ static int ipv6_getsockopt_sticky(struct
>>     len = min_t(unsigned int, len, ipv6_optlen(hdr));
>>     if (copy_to_user(optval, hdr, len))
>>         return -EFAULT;
>> -    return ipv6_optlen(hdr);
>> +    return len;
>> }
>>
> 
> Yang, your mail client broke tabs to blanks.
> Please resubmit.

--- net/ipv6/ipv6_sockglue.c	2008-05-28 09:17:14.000000000 +0800
+++ net/ipv6/ipv6_sockglue.c	2008-05-28 12:41:01.000000000 +0800
@@ -832,7 +832,7 @@ static int ipv6_getsockopt_sticky(struct
 	len = min_t(unsigned int, len, ipv6_optlen(hdr));
 	if (copy_to_user(optval, hdr, len))
 		return -EFAULT;
-	return ipv6_optlen(hdr);
+	return len;
 }

[PATCH] IPv6: Fix the data length of get destination options with short length

[Yang Hongyang]

 If get destination options with length which is not enough for that
option,getsockopt() will still return the real length of the option,
which is larger then the buffer space.
 This is because ipv6_getsockopt_sticky() returns the real length of
the option.

This patch fix this problem.

Signed-off-by: Yang Hongyang <yaonghy@cn.fujitsu.cm> 

--- a/net/ipv6/ipv6_sockglue.c	2008-05-28 09:17:14.000000000 +0800
+++ b/net/ipv6/ipv6_sockglue.c	2008-05-28 12:41:01.000000000 +0800
@@ -832,7 +832,7 @@ static int ipv6_getsockopt_sticky(struct
 	len = min_t(unsigned int, len, ipv6_optlen(hdr));
 	if (copy_to_user(optval, hdr, len))
 		return -EFAULT;
-	return ipv6_optlen(hdr);
+	return len;
 }
 

Re: [PATCH] IPv6: Fix the data length of get destination options with short length

[YOSHIFUJI Hideaki / 吉藤英明]

In article <483D0070.2090909@cn.fujitsu.com> (at Wed, 28 May 2008 14:49:20 +0800), Yang Hongyang <yanghy@cn.fujitsu.com> says:

>   If get destination options with length which is not enough for that
> option,getsockopt() will still return the real length of the option,
> which is larger then the buffer space.
>   This is because ipv6_getsockopt_sticky() returns the real length of
> the option.
> 
> This patch fix this problem.

POSIX says that the object pointed to by the option_len argument shall be
modified to indicate the actual length of the value.
Do you think this change conforms to the spec?

--yoshfuji

Re: [PATCH] IPv6: Fix the data length of get destination options with short length

[Yang Hongyang]

YOSHIFUJI Hideaki / 吉藤英明 wrote:
> In article <483D0070.2090909@cn.fujitsu.com> (at Wed, 28 May 2008 14:49:20 +0800), Yang Hongyang <yanghy@cn.fujitsu.com> says:
> 
>>   If get destination options with length which is not enough for that
>> option,getsockopt() will still return the real length of the option,
>> which is larger then the buffer space.
>>   This is because ipv6_getsockopt_sticky() returns the real length of
>> the option.
>>
>> This patch fix this problem.
> 
> POSIX says that the object pointed to by the option_len argument shall be
> modified to indicate the actual length of the value.
> Do you think this change conforms to the spec?
> 
> --yoshfuji
> 
> 

We use the codes below to get the destination options,the length cnt is half of the option length.
	cnt = sizeof(incmsg) / 2;
	if (getsockopt(sk, IPPROTO_IPV6, IPV6_DSTOPTS,
		       (char *)incmsg, &cnt) == -1) 

We can see from net/ipv6/ipv6_sockglue.c,the code below store half of the option length to incmsg,
so the acture data length of incmsg is half of the option length.According to RFC the cnt should 
specfy the data length of incmsg.that is half of the option length.So we should return len 
instead of ipv6_optlen(hdr).
 832         len = min_t(unsigned int, len, ipv6_optlen(hdr));
 833         if (copy_to_user(optval, hdr, len))
 834                 return -EFAULT;


-- 
Regards
Yang Hongyang

Re: [PATCH] IPv6: Fix the data length of get destination options with short length

[Yang Hongyang]

YOSHIFUJI Hideaki / 吉藤英明 wrote:

> POSIX says that the object pointed to by the option_len argument shall be
> modified to indicate the actual length of the value.
> Do you think this change conforms to the spec?
> 

We use the codes below to get the destination options,the length cnt is half of the option length.
	cnt = sizeof(incmsg) / 2;
	if (getsockopt(sk, IPPROTO_IPV6, IPV6_DSTOPTS,
		       (char *)incmsg, &cnt) == -1) 

We can see from net/ipv6/ipv6_sockglue.c,the code below store half of the option length to incmsg,
so the acture data length of incmsg is half of the option length.According to RFC(as you said 
"option_len argument shall be modified to indicate the actual length of the value") the cnt 
should specify the data length of incmsg,that is half of the option length.So we should return len 
instead of ipv6_optlen(hdr).
 832         len = min_t(unsigned int, len, ipv6_optlen(hdr));
 833         if (copy_to_user(optval, hdr, len))
 834                 return -EFAULT;


-- 
Regards
Yang Hongyang
 
A new email address of FJWAN is launched from Apr.1 2007.
The updated address is: yanghy@cn.fujitsu.com
--------------------------------------------------
Yang Hongyang
Development Dept.I
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
8/F., Civil Defense Building, No.189 Guangzhou Road,
Nanjing, 210029, China
TEL: +86+25-86630566-812
FUJITSU INTERNAL: 79955-812
FAX: +86+25-83317685
EMAIL: yanghy@cn.fujitsu.com
--------------------------------------------------
This communication is for use by the intended recipient(s) only and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not an intended recipient of this communication, you are hereby notified that any dissemination, distribution or copying hereof is strictly prohibited.  If you have received this communication in error, please notify me by reply e-mail, permanently delete this communication from your system, and destroy any hard copies you may have printed

Re: [PATCH] IPv6: Fix the data length of get destination options with short length

[YOSHIFUJI Hideaki / 吉藤英明]

In article <483E151B.2000804@cn.fujitsu.com> (at Thu, 29 May 2008 10:29:47 +0800), Yang Hongyang <yanghy@cn.fujitsu.com> says:

> YOSHIFUJI Hideaki / 吉藤英明 wrote:
> 
> > POSIX says that the object pointed to by the option_len argument shall be
> > modified to indicate the actual length of the value.
> > Do you think this change conforms to the spec?
> > 
> 
> We use the codes below to get the destination options,the length cnt is half of the option length.
:

Well, actually I reread the spec., and I've found that option_len is
undefined if option_len is not enough for the value.
Current behavior seems okay (according to the spec.), but I'm going to apply
this for consistency with other sockopts if no objections.

--yoshfuji