NetBSD-Users archive


Re: aligning control message ancillary data

(Taylor R Campbell) writes:

>The OpenBSD developers who thoroughly scrutinized this several months
>ago believe the kernel should check whether CMSG_ALIGN (cm->msg_len)
>is unequal to control->m_len.  But doing this might break a bunch of
>existing code that used the incorrect yet working idiom.  So in both
>FreeBSD as of many years ago, and in OpenBSD-current as of a few
>months ago, the analogous code checks whether cm->msg_len is simply
>greater than control->m_len, which is clearly an error.

control->m_len is the size of the buffer.
cm->cmsg_len is the size of the embedded message in the buffer.

It is perfectly sufficient to check that the message doesn't
claim to be larger than the buffer since there is no problem
with the buffer being padded to whatever size.

On the other hand, one check is missing: to make the cmsghdr valid
the buffer must be large enough to contain that header and to make
any data following the header valid the buffer must be large enough
to contain the padded header, i.e.
control->m_len >= CMSG_ALIGN(sizeof cmsghdr).

        nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int);
may result in negative numbers.

Forcing CMSG_ALIGN(cm->cmsg_len) == control->m_len ensures all this,
but it is stricter than necessary. A more relaxed check as described
above can handle either 'idiom' in use.

                                Michael van Elst
                                "A potential Snark may lurk in every tree."
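The relaxed validation described in the message above, written out as an added example in C (this is not code from the thread, from NetBSD, or from any other kernel). It assumes the three conditions stated in the mail: the buffer must hold the padded header, the message must be at least a header long, and the message may not claim more bytes than the buffer holds, with padding beyond the message tolerated. The function names (cmsg_payload_len, cmsg_fd_count, naive_nfds, demo_case) and the 64-byte sample buffer are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

#ifndef CMSG_ALIGN
/* Fallback for a libc that does not export CMSG_ALIGN (the BSDs and glibc do). */
#define CMSG_ALIGN(len) (((len) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))
#endif

/*
 * Validate one control message at the start of a buffer of buflen bytes
 * (buflen plays the role of the kernel's control->m_len).  Returns the
 * number of payload bytes that follow the padded header, or -1 if the
 * message is malformed.  A buffer padded past the end of the message is
 * accepted, which is the "relaxed" rule from the mail.
 */
ssize_t cmsg_payload_len(const void *buf, size_t buflen)
{
    struct cmsghdr cm;
    const size_t hdrlen = CMSG_ALIGN(sizeof(struct cmsghdr));

    /* Buffer must hold the padded header before any data after it is trusted. */
    if (buflen < hdrlen)
        return -1;
    memcpy(&cm, buf, sizeof cm);           /* copy out: avoids unaligned access */
    /* cmsg_len counts the header itself, so it can never be shorter than one. */
    if (cm.cmsg_len < sizeof(struct cmsghdr))
        return -1;
    /* The message may not claim more than the buffer contains; extra padding is fine. */
    if (cm.cmsg_len > buflen)
        return -1;
    /* Header-only message: cmsg_len may be shorter than the padded header. */
    if (cm.cmsg_len < hdrlen)
        return 0;
    return (ssize_t)(cm.cmsg_len - hdrlen);
}

/* Number of descriptors carried by an SCM_RIGHTS message, or -1 if malformed. */
ssize_t cmsg_fd_count(const void *buf, size_t buflen)
{
    ssize_t payload = cmsg_payload_len(buf, buflen);
    if (payload < 0)
        return -1;
    return payload / (ssize_t)sizeof(int);
}

/* The unchecked formula from the mail, on an unsigned cmsg_len: when
 * cmsg_len is shorter than the padded header the subtraction wraps. */
size_t naive_nfds(size_t cmsg_len)
{
    return (cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) / sizeof(int);
}

/* Constructed sample: a zeroed 64-byte buffer with one SCM_RIGHTS header
 * that claims claimed_len bytes; buflen stands in for control->m_len. */
ssize_t demo_case(size_t claimed_len, size_t buflen)
{
    unsigned char buf[64];
    struct cmsghdr cm;

    memset(buf, 0, sizeof buf);
    memset(&cm, 0, sizeof cm);
    cm.cmsg_len = claimed_len;
    cm.cmsg_level = SOL_SOCKET;
    cm.cmsg_type = SCM_RIGHTS;
    memcpy(buf, &cm, sizeof cm);
    if (buflen > sizeof buf)
        buflen = sizeof buf;
    return cmsg_fd_count(buf, buflen);
}

int main(void)
{
    printf("2 fds, padded buffer:   %zd\n", demo_case(CMSG_LEN(2 * sizeof(int)), 64));
    printf("2 fds, exact buffer:    %zd\n", demo_case(CMSG_LEN(2 * sizeof(int)), CMSG_LEN(2 * sizeof(int))));
    printf("claims more than held:  %zd\n", demo_case(200, 64));
    printf("buffer too small:       %zd\n", demo_case(CMSG_LEN(0), 4));
    printf("header only:            %zd\n", demo_case(sizeof(struct cmsghdr), 64));
    printf("naive, short cmsg_len:  %zu\n", naive_nfds(sizeof(struct cmsghdr) / 2));
    return 0;
}
```

The first two cases show why the strict CMSG_ALIGN(cm->cmsg_len) == control->m_len test is not needed: both the padded and the exactly sized buffer are accepted. The last case shows the wrap the mail warns about, which the guarded version turns into 0 or -1 instead of a huge descriptor count.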
