Date: Tue, 26 Jan 2021 12:41:36 -0500
From: Rich Felker <dalias@...c.org>
To: "zhuyan (M)" <zhuyan34@...wei.com>
Cc: "musl@...ts.openwall.com" <musl@...ts.openwall.com>,
	Zengweilin <zengweilin@...wei.com>,
	"liucheng (G)" <liucheng32@...wei.com>,
	"chenzefeng (A)" <chenzefeng2@...wei.com>
Subject: Re: [PATCH] fix segfault in recvmsg when msg argument is NULL

On Mon, Jan 25, 2021 at 09:44:25PM -0500, Rich Felker wrote:
> On Tue, Jan 12, 2021 at 07:58:26AM +0000, zhuyan (M) wrote:
> > 
> > When msg is NULL, accessing msg->msg_controllen dereferences a null pointer in recvmsg.
> 
> "The recvmsg() function takes the following arguments:
>     ...
>     message
>         Points to a msghdr structure, ..."
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It was pointed out to me on IRC that there is an "if (msg)" condition
later (only on 64-bit archs), which makes this at least inconsistent.
So some cleanup is probably called for.

Also, the patch was incorrect even if you want to avoid crashing. It
returns a negated error code rather than setting errno and returning
-1.

Rich
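The second point in the reply is about the libc return convention: a wrapper must not hand a negated error code (such as -EFAULT) back to its caller; it has to set errno and return -1. The example below is added here and is not musl's code or the submitted patch. Its raw_recvmsg_stub is a stand-in for the kernel entry point (constructed, it never touches msg), and syscall_ret is a hypothetical helper that converts a negated-errno return into the POSIX errno/-1 form. It places the wrong shape beside the correct one so the difference is observable from the caller's side.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>

/* Added example, not musl code. Raw syscall-style functions report
 * failure as a negated errno value (-EFAULT); a public wrapper has to
 * turn that into errno = EFAULT / return -1 before the caller sees it. */

/* Hypothetical stand-in for the raw kernel entry point. It never
 * dereferences msg: a NULL msghdr is reported as -EFAULT, as the kernel
 * would after failing to copy the structure from user space. */
static long raw_recvmsg_stub(int fd, const struct msghdr *msg, int flags)
{
    (void)fd; (void)flags;
    if (!msg) return -EFAULT;
    /* Constructed success path: pretend zero bytes were received. */
    return 0;
}

/* Hypothetical helper: convert a negated-errno return into the POSIX
 * convention. Values in the top 4095 of the unsigned range are errors. */
static long syscall_ret(unsigned long r)
{
    if (r > -4096UL) {
        errno = -r;      /* -(-EFAULT) == EFAULT after the unsigned wrap */
        return -1;
    }
    return r;
}

/* The shape the reply objects to: the negated error code leaks straight
 * to the caller and errno is never set. */
long recvmsg_wrong(int fd, struct msghdr *msg, int flags)
{
    if (!msg) return -EFAULT;
    return raw_recvmsg_stub(fd, msg, flags);
}

/* Correct shape: every error path goes through syscall_ret, so the
 * caller sees -1 with errno set, and msg is checked before any field
 * of it (msg_controllen included) is touched. */
long recvmsg_right(int fd, struct msghdr *msg, int flags)
{
    if (!msg) return syscall_ret(-EFAULT);
    /* Only past this point is it safe to read msg->msg_controllen etc. */
    return syscall_ret(raw_recvmsg_stub(fd, msg, flags));
}

/* Returns 1 if the wrapper reports a NULL msg the POSIX way
 * (return value -1 and errno == EFAULT), 0 otherwise. */
int follows_posix_convention(long (*fn)(int, struct msghdr *, int))
{
    errno = 0;
    long r = fn(-1, NULL, 0);
    return r == -1 && errno == EFAULT;
}

int main(void)
{
    printf("recvmsg_wrong: %s\n",
           follows_posix_convention(recvmsg_wrong) ? "ok" : "leaks negated errno");
    printf("recvmsg_right: %s\n",
           follows_posix_convention(recvmsg_right) ? "ok" : "broken");
    return 0;
}
```

A caller written to the POSIX contract (`if (recvmsg(...) < 0) perror(...)`) would treat the -14 from recvmsg_wrong as a failure but print a stale errno, and a caller that only compares against -1 would not notice the failure at all; that is why the fix has to route through the errno-setting path rather than return the raw code.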
