From patchwork Tue Feb 7 13:11:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: LIU Hao X-Patchwork-Id: 1738932 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=MaaRB3Tv; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PB3SP4J1wz23hX for ; Wed, 8 Feb 2023 00:12:05 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8336A3858C62 for ; Tue, 7 Feb 2023 13:12:03 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8336A3858C62 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1675775523; bh=Sn3RIB46CG2cPlNoa1C287V9n30JhWWpm27nP2nsfRw=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=MaaRB3TvccYCOpjEMzNoM9RYLqrbcIt1xRJn4EcpPzTzW8k0OXd+pGGfP1CnmYjTe b0xcM7nnDiZ9Iu4Ke6k7RB+R2AooBoMuc/LFvIQ/IMQiHYDA+rXge8KiBaHalJSKLK FhjjIh8CvBMhg2O0wp69Ri8UWVN+J0w6vWA6/4N0= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from m126.mail.126.com (m126.mail.126.com [123.126.96.241]) by sourceware.org (Postfix) with ESMTP id E0EE43858D33 for ; Tue, 7 Feb 2023 13:11:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E0EE43858D33 Received: from [192.168.50.66] (unknown [116.236.172.42]) by smtp12 (Coremail) with SMTP id fORpCgDHVi8OTuJjw5XMAg--.17994S2; Tue, 07 Feb 2023 21:11:43 +0800 (CST) Message-ID: <162965eb-f84c-ca03-2cc1-dd895fbadcd6@126.com> Date: Tue, 7 Feb 2023 21:11:42 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 To: libc-alpha@sourceware.org Content-Language: en-US Subject: `__if_nametoindex()` can leak an FD if its argument is too long X-CM-TRANSID: fORpCgDHVi8OTuJjw5XMAg--.17994S2 X-Coremail-Antispam: 1Uf129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7v73 VFW2AGmfu7bjvjm3AaLaJ3UbIYCTnIWIevJa73UjIFyTuYvjxU3sjjDUUUU X-Originating-IP: [116.236.172.42] X-CM-SenderInfo: 5okbz0xxvhqiyswou0bp/1tbiJhAPRlpD8Cp1qQAAsg X-Spam-Status: No, score=-3133.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_BARRACUDACENTRAL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: LIU Hao via Libc-alpha From: LIU Hao Reply-To: LIU Hao Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" Greetings, libc maintainers. It looks like `if_nametoindex()` for Hurd can leak a socket descriptor if its argument string is too long. Patch attached. From 6ba2bc2fa7d01999a9c92953ca7d84146fe6c741 Mon Sep 17 00:00:00 2001 From: LIU Hao Date: Tue, 7 Feb 2023 21:05:50 +0800 Subject: [PATCH] hurd: Don't lean the socket FD if argument to `__if_nametoindex()` is too long --- sysdeps/mach/hurd/if_index.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/sysdeps/mach/hurd/if_index.c b/sysdeps/mach/hurd/if_index.c index a4472269b7..9b598a279d 100644 --- a/sysdeps/mach/hurd/if_index.c +++ b/sysdeps/mach/hurd/if_index.c @@ -32,10 +32,7 @@ unsigned int __if_nametoindex (const char *ifname) { struct ifreq ifr; - int fd = __socket (AF_INET, SOCK_DGRAM, 0); - - if (fd < 0) - return 0; + int fd; if (strlen (ifname) >= IFNAMSIZ) { @@ -43,6 +40,10 @@ __if_nametoindex (const char *ifname) return 0; } + fd = __socket (AF_INET, SOCK_DGRAM, 0); + if (fd < 0) + return 0; + strncpy (ifr.ifr_name, ifname, IFNAMSIZ); if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0) { -- 2.34.1