tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: getnameinfo extra len checking



On Mon Jun 21 2010 at 11:57:10 -0400, Thor Lancelot Simon wrote:
> On Mon, Jun 21, 2010 at 10:06:36AM -0400, Sean Boudreau wrote:
> > On Thu, Jun 17, 2010 at 07:35:09PM -0400, Christos Zoulas wrote:
> > > On Jun 17,  5:25pm, tls%panix.com@localhost (Thor Lancelot Simon) wrote:
> > > -- Subject: Re: getnameinfo extra len checking
> > > 
> > > | On Thu, Jun 17, 2010 at 09:02:16PM +0000, Christos Zoulas wrote:
> > > | > 
> > > | > What is sa_len in that case? I think it is 0. If so, then we can
> > > allow
> > > | > 0 through.
> > > | 
> > > | What's setting 0?  Not setting sa_len is bogus.
> > > 
> > > Right, linux code that does not set sa_len...
> > 
> > So I'm leaning towards removing this check enirely.  Would
> > that be acceptable?
> 
> I do not think so.  Why should we pander to broken code that doesn't
> set sa_len?

What is the purpose of sa_len?  The value is a function of sa_family,
is it not?  IIRC the only place where the value in sockaddr is really
needed is the radix code.  The requirements of the radix code should
not be exposed to the whole world.  *That* is broken if anything.

(apologies if my memory on the subject is too hazy to be useful)


Home | Main Index | Thread Index | Old Index