| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Spam-Check-By: | sourceware.org |
| Date: | Mon, 4 Feb 2013 13:19:02 +0100 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: bind(sock, addr, addrlen) doesn't respect addrelen |
| Message-ID: | <20130204121902.GA19792@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <CANjopZHFhNN=o4cVpiBokBmDHjzgFx8tV=ajzLeUHzu4Jpr8EQ AT mail DOT gmail DOT com> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <CANjopZHFhNN=o4cVpiBokBmDHjzgFx8tV=ajzLeUHzu4Jpr8EQ@mail.gmail.com> |
| User-Agent: | Mutt/1.5.21 (2010-09-15) |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Unsubscribe: | <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
On Feb 4 11:03, Tanaka Akira wrote: > Hi. > > I found bind(sock, addr, addrlen) function doesn't respect addrlen. > > If addr is AF_UNIX socket address and sun_path field is not > NUL-terminated until the length specified as addrlen, > bind() refer bytes after addrlen. > This can be observed by created socket file name is longer > than expected. > > The test program attached below [...] Thanks for the testcase! I fixed bind(2) in CVS so that it makes sure never to access memory beyond what's specified in the namelen parameter. It also tests that the filename is always NUL-terminated, so your example will result in an ENAMETOOLONG now, unless you make sure there's a NUL byte within the bounds defined by namelen, as well as within the first 108 bytes of sun_path. This is not quite the Linux behaviour which also allows non-NUL terminated filenames, but SUSv4 as well as the Linux unix(7) man page as well as the wonderful "UNIX Network Programming" book from W. Richard Stevens imply that the pathname should be NUL-terminated, so I'll stick to that. The important thing here is that bind(2) won't access undefined memory. Thanks again, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |