Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix UnixAddr::size on Linux and Android #1702

Merged
merged 1 commit into from
Apr 22, 2022
Merged

Fix UnixAddr::size on Linux and Android #1702

merged 1 commit into from
Apr 22, 2022

Conversation

asomers
Copy link
Member

@asomers asomers commented Apr 22, 2022

SockaddrLike::size() is meant to return the amount of space that can be
used to store the sockaddr. But on Linux-based OSes, UnixAddr contains
an extra field to store the address's length. This field is not part of
the address, and should not contribute to the value of size().

This bug can't cause an out-of-bounds write, and every OS that we test
on can tolerate the greater-than-expected length, but it might confuse
applications that implement functions similar to getsockname in
userland.

@asomers asomers requested a review from rtzoeller April 22, 2022 17:56
rtzoeller
rtzoeller approved these changes Apr 22, 2022
View reviewed changes
Copy link
Collaborator

@rtzoeller rtzoeller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worth releasing a 0.24.1 over?

@asomers
Fix UnixAddr::size on Linux and Android
db969c5 
SockaddrLike::size() is meant to return the amount of space that can be
used to store the sockaddr.  But on Linux-based OSes, UnixAddr contains
an extra field to store the address's length.  This field is not part of
the address, and should not contribute to the value of size().

This bug can't cause an out-of-bounds write, and every OS that we test
on can tolerate the greater-than-expected length, but it might confuse
applications that implement functions similar to getsockname in
userland.
@asomers
Copy link
Member Author

asomers commented Apr 22, 2022

Worth releasing a 0.24.1 over?

I think so. I discovered this bug by trying to update nbdkit to nix 0.24.0. It caused nbdkit's tests to fail.

@rtzoeller
Copy link
Collaborator

Worth releasing a 0.24.1 over?

I think so. I discovered this bug by trying to update nbdkit to nix 0.24.0. It caused nbdkit's tests to fail.

I can do that this evening.

bors r+

@bors
Copy link
Contributor

bors bot commented Apr 22, 2022

Build succeeded:

@bors bors bot merged commit 2854888 into master Apr 22, 2022
@rtzoeller
Copy link
Collaborator

@asomers anything else we want to squeeze into 0.24.1? Otherwise I'll publish a release ASAP.

@asomers asomers deleted the UnixAddr.size branch April 22, 2022 22:29
@asomers
Copy link
Member Author

asomers commented Apr 22, 2022

No, I'm not aware of anything.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rtzoeller rtzoeller rtzoeller approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@asomers @rtzoeller