diff mbox

net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs

Message ID 20110606160007.GD28535@suse.de
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Marcus Meissner June 6, 2011, 4 p.m. UTC 
On Mon, Jun 06, 2011 at 03:47:30PM +0200, Reinhard Max wrote:
> 
> On Wed, 1 Jun 2011 at 21:03, David Miller wrote:
> 
> >Since we haven't been validating the sin_family field for 18+ years, 
> >the chance to break some applications is very real.
> >
> >But I think it's more important to fix this (and force any broken 
> >apps to set sin_family correctly).  So I will apply this, thanks.
> 
> I think a corresponding check should also go into inet6_bind() in 
> net/ipv6/af_inet6.c .

Good idea,

Same check as for IPv4, also do for IPv6.

(If you passed in a IPv4 sockaddr_in here, the sizeof check
 in the line before would have triggered already though.)

Signed-off-by: Marcus Meissner <meissner@suse.de>
Cc: Reinhard Max <max@suse.de>

Ciao, Marcus
---
 net/ipv6/af_inet6.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

Comments

David Miller June 6, 2011, 9:48 p.m. UTC | #1 
From: Marcus Meissner <meissner@suse.de>
Date: Mon, 6 Jun 2011 18:00:07 +0200

> On Mon, Jun 06, 2011 at 03:47:30PM +0200, Reinhard Max wrote:
>> 
>> On Wed, 1 Jun 2011 at 21:03, David Miller wrote:
>> 
>> >Since we haven't been validating the sin_family field for 18+ years, 
>> >the chance to break some applications is very real.
>> >
>> >But I think it's more important to fix this (and force any broken 
>> >apps to set sin_family correctly).  So I will apply this, thanks.
>> 
>> I think a corresponding check should also go into inet6_bind() in 
>> net/ipv6/af_inet6.c .
> 
> Good idea,
> 
> Same check as for IPv4, also do for IPv6.
> 
> (If you passed in a IPv4 sockaddr_in here, the sizeof check
>  in the line before would have triggered already though.)
> 
> Signed-off-by: Marcus Meissner <meissner@suse.de>
> Cc: Reinhard Max <max@suse.de>

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reinhard Max June 7, 2011, 7:25 a.m. UTC | #2 
On Mon, 6 Jun 2011 at 18:00, Marcus Meissner wrote:

> Same check as for IPv4, also do for IPv6.
> [...]
> +
> +	if (addr->sin6_family != AF_INET6)
> +		return -EINVAL;
> +

According to the POSIX manpage for bind(), the error code should be 
EAFNOSUPPORT ("The specified address is not a valid address for the 
address family of the specified socket"). This would also match the 
error code of connect() in the same situation.

And I think the family should be checked before the length for both, 
bind() and connect(), to get more descriptive error messages when 
passing an address of the wrong family.


cu
 	Reinhard
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index b7919f9..d450a2f 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -272,6 +272,10 @@  int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 
 	if (addr_len < SIN6_LEN_RFC2133)
 		return -EINVAL;
+
+	if (addr->sin6_family != AF_INET6)
+		return -EINVAL;
+
 	addr_type = ipv6_addr_type(&addr->sin6_addr);
 	if ((addr_type & IPV6_ADDR_MULTICAST) && sock->type == SOCK_STREAM)
 		return -EINVAL;