Potential issues for linux socket syscall
Brooks Davis
brooks at freebsd.org
Mon Feb 25 18:45:05 UTC 2019
On Thu, Feb 21, 2019 at 02:57:23AM +0000, Weike.Chen at Dell.com wrote:
>
> Hi Linux emulation experts,
>
> I found a potential issue in the FreeBSD 12 official release for the Linux emulation syscall.
>
> The function 'linux_getsockname' in 'linux_socket.c' calls 'bsd_to_linux_sockaddr', and it calls 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to Linux domain.
>
> But after calling 'bsd_to_linux_sockaddr', 'linux_sa_put' is called, and it calls 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to Linux domain again.
> But the 'sa_family' has already been converted.
> Since the values of AF_INET6 and LINUX_AF_INET6 are different, converting twice will cause an issue.

This code is definitely unsafe. I'd opened a bug to track some of these
issues a little while ago at:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232920.

Would you mind pasting your analysis into that report?

Do you have a simple test case? I only hit the issue while auditing
some general code and so was leery about trying to fix unfamiliar code
without one.

Thanks,
Brooks
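
The double conversion described in the quoted report, as an added example that is not part of the original e-mail or of FreeBSD's source: a small userland model showing why the second pass corrupts AF_INET6 while AF_INET and AF_UNIX pass through unchanged, so an IPv4-only test does not catch it. The `BSD_AF_*` names, `model_bsd_to_linux_domain`, `convert_family`, `double_conversion_corrupts` and the -1 fallback are assumptions of this model; the AF_INET6 values (28 on FreeBSD, 10 on Linux) are the platforms' own constants.

```c
#include <stdio.h>

/* Address-family numbers. AF_UNSPEC, AF_UNIX/AF_LOCAL and AF_INET are
 * 0, 1 and 2 on both systems; AF_INET6 is 28 on FreeBSD, 10 on Linux. */
enum { BSD_AF_UNSPEC = 0, BSD_AF_LOCAL = 1, BSD_AF_INET = 2, BSD_AF_INET6 = 28 };
enum { LINUX_AF_UNSPEC = 0, LINUX_AF_UNIX = 1, LINUX_AF_INET = 2, LINUX_AF_INET6 = 10 };

/* Simplified stand-in for the kernel's bsd_to_linux_domain(). It knows
 * only four families and reports anything else as -1 (assumption: the
 * real function handles more families, so the exact wrong value a second
 * pass yields in the kernel may differ from this model's). */
static int model_bsd_to_linux_domain(int domain)
{
    switch (domain) {
    case BSD_AF_UNSPEC: return LINUX_AF_UNSPEC;
    case BSD_AF_LOCAL:  return LINUX_AF_UNIX;
    case BSD_AF_INET:   return LINUX_AF_INET;
    case BSD_AF_INET6:  return LINUX_AF_INET6;
    default:            return -1;
    }
}

/* Apply the conversion `passes` times, as happens when two layers on the
 * same call path each convert sa_family (hypothetical helper). */
static int convert_family(int bsd_family, int passes)
{
    int family = bsd_family;
    for (int i = 0; i < passes; i++)
        family = model_bsd_to_linux_domain(family);
    return family;
}

/* Returns 1 when a second conversion changes the already-converted value. */
static int double_conversion_corrupts(int bsd_family)
{
    return convert_family(bsd_family, 1) != convert_family(bsd_family, 2);
}

int main(void)
{
    const int families[] = { BSD_AF_LOCAL, BSD_AF_INET, BSD_AF_INET6 };
    for (size_t i = 0; i < sizeof(families) / sizeof(families[0]); i++)
        printf("bsd=%2d  once=%2d  twice=%2d  corrupted=%d\n", families[i],
            convert_family(families[i], 1), convert_family(families[i], 2),
            double_conversion_corrupts(families[i]));
    return 0;
}
```

A regression test for the emulation layer would therefore need an AF_INET6 socket: families whose numbers match on both systems give the same result after one or two passes.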