Summary: | setsockopt() accepts too long arguments allowing programmer errors | ||
---|---|---|---|
Product: | Base System | Reporter: | Brooks Davis <brooks> |
Component: | kern | Assignee: | freebsd-net (Nobody) <net> |
Status: | New --- | ||
Severity: | Affects Only Me | ||
Priority: | --- | ||
Version: | CURRENT | ||
Hardware: | Any | ||
OS: | Any |
Description
Brooks Davis
2017-04-27 17:39:34 UTC
A commit references this bug: Author: brooks Date: Fri Apr 28 17:58:16 UTC 2017 New revision: 317566 URL: https://svnweb.freebsd.org/changeset/base/317566 Log: Don't pass size_t arguments to setsockopt(SO_SNDBUF/SO_RCVBUF). These command take an int. The tests work by accident on little-endian, 64-bit systems. PR: 218919 Tested with: qemu-cheri and CheriBSD built for mips64 Reviewed by: asomers, ngie Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D10518 Changes: head/tests/sys/kern/unix_seqpacket_test.c A commit references this bug: Author: brooks Date: Fri May 5 15:15:42 UTC 2017 New revision: 317831 URL: https://svnweb.freebsd.org/changeset/base/317831 Log: MFC r317566: Don't pass size_t arguments to setsockopt(SO_SNDBUF/SO_RCVBUF). These commands take an int. The tests work by accident on little-endian, 64-bit systems. PR: 218919 Tested with: qemu-cheri and CheriBSD built for mips64 Reviewed by: asomers, ngie Obtained from: CheriBSD Sponsored by: DARPA, AFRL Changes: _U stable/11/ stable/11/tests/sys/kern/unix_seqpacket_test.c A commit references this bug: Author: brooks Date: Fri May 5 16:24:35 UTC 2017 New revision: 317834 URL: https://svnweb.freebsd.org/changeset/base/317834 Log: MFC r317566: Don't pass size_t arguments to setsockopt(SO_SNDBUF/SO_RCVBUF). These commands take an int. The tests work by accident on little-endian, 64-bit systems. PR: 218919 Tested with: qemu-cheri and CheriBSD built for mips64 Reviewed by: asomers, ngie Obtained from: CheriBSD Sponsored by: DARPA, AFRL Changes: _U stable/10/ stable/10/tests/sys/kern/unix_seqpacket_test.c I did a quick scan of sooptcopyin() use and only a tiny portion of callers call with a minlength less than length. We should likely separate the two usecases. Separately, only one case seems to use the support for overly long arguments. If most cases that support seems harmful since it allows userspace programming errors to be hidden. |