| Message ID | 1372436577-61749-1-git-send-email-xiaosuo@gmail.com |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | David Miller |
| Headers | show |
On Sat, 2013-06-29 at 00:22 +0800, Changli Gao wrote: > As we use u16 to save the value of the argument for listen(2), > we'd better check if the value is larger than SINT_MAX other > than cut it down silently on error. > --- > net/ipv4/af_inet.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c > index b4d0be2..35aaf00 100644 > --- a/net/ipv4/af_inet.c > +++ b/net/ipv4/af_inet.c > @@ -198,6 +198,9 @@ int inet_listen(struct socket *sock, int backlog) > unsigned char old_state; > int err; > > + if (backlog >= (1 << 16)) > + return -EINVAL; > + > lock_sock(sk); > > err = -EINVAL; Well, there is still this possible regression for old applications. Just use u32 fields instead of u16 ? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Sat, Jun 29, 2013 at 12:33 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote: > > Well, there is still this possible regression for old applications. > > Just use u32 fields instead of u16 ? > I'll look at this. Thanks. -- Regards, Changli Gao(xiaosuo@gmail.com) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 06/28/2013 09:33 AM, Eric Dumazet wrote: > > Well, there is still this possible regression for old applications. > > Just use u32 fields instead of u16 ? FWIW, the manpage for listen() gives the backlog parameter as an "int" SYNOPSIS #include <sys/types.h> /* See NOTES */ #include <sys/socket.h> int listen(int sockfd, int backlog); and mentions no explicit limit beyond 2.4.35, only interaction with the likes of /proc/sys/net/core/somaxconn. And sys/socket.h has: /* Prepare to accept connections on socket FD. N connection requests will be queued before further requests are refused. Returns 0 on success, -1 for errors. */ extern int listen (int __fd, int __n) __THROW; Not sure if it is considered "sane" to try to set the backlog to a negative value of course... rick jones -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index b4d0be2..35aaf00 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -198,6 +198,9 @@ int inet_listen(struct socket *sock, int backlog) unsigned char old_state; int err; + if (backlog >= (1 << 16)) + return -EINVAL; + lock_sock(sk); err = -EINVAL;