[PATCH] Bug in sendto() causes OOPS when using RAW sockets

From: Octavian Cerna (tavy@igreconline.com)
Date: Wed Aug 22 2001 - 11:07:36 EST


 
Hi,
 
Studying the implementation of raw IPv4 sockets I found that calling
sendto() on a raw socket with a NULL socket address generates a kernel
OOPS.
 
I checked this on kernel 2.4.3, but I also checked the sources in CVS on
vger -- the bug is still there.
 
The problem is that raw_sendmsg() in net/ipv4/raw.c blindly assumes that
msg_name is valid if msg_namelen is non-zero. I found that sys_sendto()
doesn't correctly build the msghdr structure if the socket address is
NULL.
 
I attached a small patch to fix this issue, a C program for testing the
problem and my OOPS log.
 
 
Best Regards,
 
Octavian Cerna
IGREC Labs
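
Added example, not part of the original mail and not the attached patch or the kernel source: a user-space C model of the inconsistency described above, where a header carries a non-zero msg_namelen with a NULL msg_name, shown beside a builder that keeps the two fields consistent and a consumer that validates both before reading the address. The names model_msghdr, build_unchecked, build_checked and dest_family are hypothetical, and the errno values returned are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical stand-in for the kernel msghdr: only the two fields at issue. */
struct model_msghdr { void *msg_name; int msg_namelen; };

/* Pattern the mail describes: the length is kept even when addr is NULL. */
static struct model_msghdr build_unchecked(void *addr, int addr_len)
{
    struct model_msghdr m = { NULL, addr_len };
    if (addr)
        m.msg_name = addr;
    return m;
}

/* Producer-side fix: a NULL address always yields a zero length. */
static struct model_msghdr build_checked(void *addr, int addr_len)
{
    struct model_msghdr m = { NULL, 0 };
    if (addr) {
        m.msg_name = addr;
        m.msg_namelen = addr_len;
    }
    return m;
}

/* Consumer-side check before the address is read; returns family or -errno. */
static int dest_family(const struct model_msghdr *m)
{
    const struct sockaddr_in *usin = m->msg_name;
    if (m->msg_namelen == 0)
        return -EDESTADDRREQ;            /* no destination supplied */
    if (usin == NULL || m->msg_namelen < (int)sizeof(*usin))
        return -EINVAL;                  /* inconsistent or short header */
    return usin->sin_family;
}

int main(void)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };  /* constructed sample */
    struct model_msghdr bad = build_unchecked(NULL, sizeof(sin));
    struct model_msghdr ok = build_checked(NULL, sizeof(sin));
    struct model_msghdr full = build_checked(&sin, sizeof(sin));
    printf("unchecked=%d checked=%d valid=%d\n",
           dest_family(&bad), dest_family(&ok), dest_family(&full));
    return 0;
}
```

Either check alone closes the hole in this model; applying both means the consumer does not depend on every caller building the header correctly.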










This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:49 EST