Date: Tue, 26 Jan 2021 12:41:36 -0500
From: Rich Felker <dalias@...c.org>
To: "zhuyan (M)" <zhuyan34@...wei.com>
Cc: "musl@...ts.openwall.com" <musl@...ts.openwall.com>, Zengweilin <zengweilin@...wei.com>, "liucheng (G)" <liucheng32@...wei.com>, "chenzefeng (A)" <chenzefeng2@...wei.com>
Subject: Re: [PATCH] fix segfault in recvmsg when msg argument is NULL

On Mon, Jan 25, 2021 at 09:44:25PM -0500, Rich Felker wrote:
> On Tue, Jan 12, 2021 at 07:58:26AM +0000, zhuyan (M) wrote:
> >
> > When msg is NULL, msg->msg_controllen exists to dereference a null pointer in recvmsg.
>
> "The recvmsg() function takes the following arguments:
> ...
> message
> Points to a msghdr structure, ..."
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It was pointed out to me on IRC that there is an "if (msg)" condition
later (only on 64-bit archs), which makes this at least inconsistent.
So some cleanup is probably called for.

Also, the patch was incorrect even if you want to avoid crashing. It
returns a negated error code rather than setting errno and returning
-1.

Rich
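
The return-value point in the message above, as an added example that is not code from the post, the patch, or musl: two hypothetical wrappers around recvmsg() with a NULL check, one returning a negated error code and one setting errno and returning -1, plus a caller that treats only -1 as failure. The wrapper names, the `caller_view` helper and the choice of EFAULT are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Hypothetical wrapper with the defect described above: a negated error
 * code is returned directly and errno is left untouched. */
ssize_t recvmsg_negated(int fd, struct msghdr *msg, int flags)
{
    if (!msg) return -EFAULT;          /* EFAULT is an assumed choice */
    return recvmsg(fd, msg, flags);
}

/* Same check following the libc convention: set errno, return -1. */
ssize_t recvmsg_checked(int fd, struct msghdr *msg, int flags)
{
    if (!msg) { errno = EFAULT; return -1; }
    return recvmsg(fd, msg, flags);
}

/* Typical caller logic: only -1 means failure, anything else is a byte
 * count. Returns the errno value on failure and 0 on success; *len is
 * the length the caller would go on to use. */
int caller_view(ssize_t ret, size_t *len)
{
    if (ret == -1) { *len = 0; return errno; }
    *len = (size_t)ret;                /* a negative value wraps to a huge size */
    return 0;
}

int main(void)
{
    size_t len;
    int e;

    errno = 0;
    e = caller_view(recvmsg_checked(-1, NULL, 0), &len);
    printf("checked: err=%d len=%zu\n", e, len);

    errno = 0;
    e = caller_view(recvmsg_negated(-1, NULL, 0), &len);
    printf("negated: err=%d len=%zu\n", e, len);
    return 0;
}
```

With the negated return, the caller sees no error and a length that wraps to a very large size_t, which is why the convention matters to any code that sizes a copy or a parse from the return value.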