Date: Tue, 26 Jan 2021 12:41:36 -0500
From: Rich Felker <>
To: "zhuyan (M)" <>
Cc: "" <>,
	Zengweilin <>,
	"liucheng (G)" <>,
	"chenzefeng (A)" <>
Subject: Re: [PATCH] fix segfault in recvmsg when msg argument is NULL

On Mon, Jan 25, 2021 at 09:44:25PM -0500, Rich Felker wrote:
> On Tue, Jan 12, 2021 at 07:58:26AM +0000, zhuyan (M) wrote:
> > 
> > When msg is NULL, msg->msg_controllen exists to dereference a null pointer in recvmsg.
> "The recvmsg() function takes the following arguments:
>     ...
>     message
>         Points to a msghdr structure, ..."
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It was pointed out to me on IRC that there is an "if (msg)" condition
later (only on 64-bit archs), which makes this at least inconsistent.
So some cleanup is probably called for.

Also, the patch was incorrect even if you want to avoid crashing. It
returns a negated error code rather than setting errno and returning

