Message ID | 20110606160007.GD28535@suse.de |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Marcus Meissner <meissner@suse.de> Date: Mon, 6 Jun 2011 18:00:07 +0200 > On Mon, Jun 06, 2011 at 03:47:30PM +0200, Reinhard Max wrote: >> >> On Wed, 1 Jun 2011 at 21:03, David Miller wrote: >> >> >Since we haven't been validating the sin_family field for 18+ years, >> >the chance to break some applications is very real. >> > >> >But I think it's more important to fix this (and force any broken >> >apps to set sin_family correctly). So I will apply this, thanks. >> >> I think a corresponding check should also go into inet6_bind() in >> net/ipv6/af_inet6.c . > > Good idea, > > Same check as for IPv4, also do for IPv6. > > (If you passed in a IPv4 sockaddr_in here, the sizeof check > in the line before would have triggered already though.) > > Signed-off-by: Marcus Meissner <meissner@suse.de> > Cc: Reinhard Max <max@suse.de> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, 6 Jun 2011 at 18:00, Marcus Meissner wrote: > Same check as for IPv4, also do for IPv6. > [...] > + > + if (addr->sin6_family != AF_INET6) > + return -EINVAL; > + According to the POSIX manpage for bind(), the error code should be EAFNOSUPPORT ("The specified address is not a valid address for the address family of the specified socket"). This would also match the error code of connect() in the same situation. And I think the family should be checked before the length for both, bind() and connect(), to get more descriptive error messages when passing an address of the wrong family. cu Reinhard -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index b7919f9..d450a2f 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -272,6 +272,10 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) if (addr_len < SIN6_LEN_RFC2133) return -EINVAL; + + if (addr->sin6_family != AF_INET6) + return -EINVAL; + addr_type = ipv6_addr_type(&addr->sin6_addr); if ((addr_type & IPV6_ADDR_MULTICAST) && sock->type == SOCK_STREAM) return -EINVAL;