Current-Users archive


Re: netbsd-8: panic: sockaddr_copy: source too long, 28 < 128 bytes



On Tue, Nov 6, 2018 at 10:41 AM Paul Ripke <stix%stix.id.au@localhost> wrote:
>
> On Mon, Nov 05, 2018 at 05:28:23PM +0900, Ryota Ozaki wrote:
> > On Mon, Nov 5, 2018 at 4:40 PM Michael van Elst <mlelstv%serpens.de@localhost> wrote:
> > >
> > > ozaki-r%netbsd.org@localhost (Ryota Ozaki) writes:
> > >
> > > >diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
> > > >index ee4fc6fdfb3..a4a74c8009e 100644
> > > >--- a/sys/netinet6/udp6_usrreq.c
> > > >+++ b/sys/netinet6/udp6_usrreq.c
> > > >@@ -668,10 +668,18 @@ udp6_output(struct in6pcb * const in6p, struct mbuf *m,
> > >
> > > >        if (addr6) {
> > > >                sin6 = addr6;
> > > >+               if (sin6->sin6_len != sizeof(*sin6)) {
> > > >+                       error = EINVAL;
> > > >+                       goto release;
> > > >+               }
> > > >                if (sin6->sin6_family != AF_INET6) {
> > > >                        error = EAFNOSUPPORT;
> > > >                        goto release;
> > > >                }
> > > >+               if (sin6->sin6_port == 0) {
> > > >+                       error = EADDRNOTAVAIL;
> > > >+                       goto release;
> > > >+               }
> > >
> > > The port validation is already done a few lines below,
> >
> > Thanks, that's right.
> >
> > > but the comment when using the port is a bit strange:
> > >
> > >                 fport = sin6->sin6_port; /* allow 0 port */
> > >
> > > Apparently that comment (and the port check) already
> > > existed when the initial version was imported.
> >
> > Well... I think the comment is just a leftover to be removed :-/
> >
> >   ozaki-r
>
> Thanks! Patched into netbsd-8, running with it now. I do wonder
> which process was responsible for doing the op. It's been too long
> since I've tried grokking gdb on kvm cores...

Thank you for testing! I hope the patch fixes the panic you encountered.
Anyway I'll commit and pull up the fix soon because it certainly fixes a panic.

  ozaki-r

