Re: net: socket: NULL ptr deref in sendmsg

From: Sasha Levin
Date: Fri Jul 25 2014 - 16:58:21 EST

Next message: Thomas Gleixner: "Re: [RFC][PATCH] irq: Rework IRQF_NO_SUSPENDED"
Previous message: Jerome Glisse: "Re: [PATCH 1/3] mmu_notifier: Add mmu_notifier_invalidate_range()"
In reply to: Eric Dumazet: "Re: net: socket: NULL ptr deref in sendmsg"
Next in thread: Hannes Frederic Sowa: "Re: net: socket: NULL ptr deref in sendmsg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/25/2014 11:23 AM, Andrey Ryabinin wrote:
> After this report there was no usual "Unable to handle kernel NULL pointer dereference"
> and this gave me a clue that address 0 is mapped and contains valid socket address structure in it.

Interesting. Does it mean that all network protocols that check it for being NULL instead of checking
the length are incorrect?

(such as:)

if (msg->msg_name) {
DECLARE_SOCKADDR(struct sockaddr_can *, addr, msg->msg_name);

[...]

Thanks,
Sasha
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [RFC][PATCH] irq: Rework IRQF_NO_SUSPENDED"
Previous message: Jerome Glisse: "Re: [PATCH 1/3] mmu_notifier: Add mmu_notifier_invalidate_range()"
In reply to: Eric Dumazet: "Re: net: socket: NULL ptr deref in sendmsg"
Next in thread: Hannes Frederic Sowa: "Re: net: socket: NULL ptr deref in sendmsg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]