NetBSD-Bugs archive


Re: bin/38396: sshd does not work



The following reply was made to PR bin/38396; it has been noted by GNATS.

From: Michael van Elst <mlelstv%serpens.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/38396: sshd does not work
Date: Sun, 13 Apr 2008 15:01:01 +0200

 The kernel doesn't agree with how ssh uses a control message to
 pass file descriptors around.
 
 This is what the kernel checks:
 
 unp_internalize(...)
          /* Sanity check the control message header. */
          if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET ||
              cm->cmsg_len != control->m_len)
                  return (EINVAL);        
 
 which agrees with the old ssh:
 
        char tmp[CMSG_SPACE(sizeof(int))];
        msg.msg_control = (caddr_t)tmp;
        msg.msg_controllen = CMSG_LEN(sizeof(int));
           cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 
 -> msg.msg_controllen is the unpadded length and equal to cmsg_len.
 
 but the new ssh does:
 
        union {
                struct cmsghdr hdr;
                char buf[CMSG_SPACE(sizeof(int))];
        } cmsgbuf;
        msg.msg_control = (caddr_t)&cmsgbuf.buf;
        msg.msg_controllen = sizeof(cmsgbuf.buf);
           cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 
 -> msg.msg_controllen is the padded length of the buffer
 
 Which way is correct?
 
 -- 
                                 Michael van Elst
 Internet: mlelstv%serpens.de@localhost
                                 "A potential Snark may lurk in every tree."
 

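The two `msg_controllen` choices compared in the message above, as an added C probe (not part of the original message, ssh, or the NetBSD kernel): it passes a pipe descriptor over a socketpair with the length the caller chooses and reports whether the running kernel accepts it. The names `pass_fd` and `union cmsgbuf` and the pipe/socketpair setup are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
/* Same buffer layout as the newer ssh code quoted in the message. */
union cmsgbuf { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };
/* Send a pipe's write end over a socketpair with the given msg_controllen.
 * Returns 0 if the descriptor arrived and writes through to the pipe, the
 * errno from sendmsg() if the kernel rejected it, -1 on any other failure. */
int pass_fd(size_t controllen)
{
    int sv[2], p[2], got = -1, rc = -1;
    char out = 'x', in = 0;
    union cmsgbuf snd, rcv;
    struct cmsghdr *cmsg = (struct cmsghdr *)snd.buf;
    struct iovec iov = { &out, 1 };
    struct msghdr msg;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    if (pipe(p) == -1) { close(sv[0]); close(sv[1]); return -1; }
    memset(&snd, 0, sizeof(snd)); memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = snd.buf;
    msg.msg_controllen = controllen;       /* the value in question */
    cmsg->cmsg_len = CMSG_LEN(sizeof(int)); /* same in old and new ssh */
    cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_RIGHTS;
    memcpy(CMSG_DATA(cmsg), &p[1], sizeof(int));
    if (sendmsg(sv[0], &msg, 0) == -1) {
        rc = errno;   /* EINVAL when a check like the quoted one fails */
    } else {
        iov.iov_base = &in;
        msg.msg_control = rcv.buf;
        msg.msg_controllen = sizeof(rcv.buf);
        if (recvmsg(sv[1], &msg, 0) == 1 && CMSG_FIRSTHDR(&msg) != NULL) {
            memcpy(&got, CMSG_DATA(CMSG_FIRSTHDR(&msg)), sizeof(int));
            if (write(got, "y", 1) == 1 && read(p[0], &in, 1) == 1 && in == 'y')
                rc = 0;
            close(got);
        }
    }
    close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
    return rc;
}

int main(void)
{
    printf("CMSG_LEN: %d, CMSG_SPACE: %d\n",
           pass_fd(CMSG_LEN(sizeof(int))), pass_fd(CMSG_SPACE(sizeof(int))));
}
```

A kernel that enforces `cm->cmsg_len != control->m_len` as quoted returns `EINVAL` for the `CMSG_SPACE` call whenever the two macros differ for `sizeof(int)`; a kernel that tolerates trailing padding returns 0 for both.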
