This is the mail archive of the mailing list for the glibc project.
Problem with CMSG_NXTHDR
- From: "Jonatan Nilsson" <Jonatan dot Nilsson at axis dot com>
- To: <libc-alpha at sources dot redhat dot com>
- Date: Tue, 30 Oct 2007 12:46:09 +0100
- Subject: Problem with CMSG_NXTHDR
Hello, I believe that the implementation of CMSG_NXTHDR is flawed in
sysdeps/unix/sysv/linux/cmsg_nxthdr.c. The reason is the use of cmsg_len
of the header that is to be returned. This is fine for a received
message, since everything is already in the header structs.
However, if we use CMSG_NXTHDR to initialize a new control message to be
sent using sendmsg (as Stevens/Rago do in Advanced Programming in the
UNIX Environment, second edition, section 17.4), the data here may not
be initialized yet.
We use CMSG_NXTHDR to get a pointer to the header with the data that
we're about to initialize, so it can't be right to use this data inside
CMSG_NXTHDR. I think this extra check should be removed, as it is in the
version in the Linux kernel (linux/socket.h).
Diff from sysdeps/unix/sysv/linux:
@@ -30,9 +30,7 @@
cmsg = (struct cmsghdr *) ((unsigned char *) cmsg
+ CMSG_ALIGN (cmsg->cmsg_len));
if ((unsigned char *) (cmsg + 1) > ((unsigned char *)
- + mhdr->msg_controllen)
- || ((unsigned char *) cmsg + CMSG_ALIGN (cmsg->cmsg_len)
- > ((unsigned char *) mhdr->msg_control +
+ + mhdr->msg_controllen))
/* No more entries. */
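Review bot: the removed `||` branch is the only test that the header about to be returned actually has `cmsg_len` bytes behind it, so dropping it (lines `- || ((unsigned char *) cmsg + CMSG_ALIGN (cmsg->cmsg_len)` / `- > ((unsigned char *) mhdr->msg_control +`) also removes protection for the receive path, where `cmsg_len` is data from the message and a value larger than the remaining `msg_controllen` would let a `CMSG_DATA`-based read run past `msg_control`. Rather than deleting it, consider moving the length check to the *current* header before advancing, i.e. compare `(unsigned char *) cmsg + CMSG_ALIGN (cmsg->cmsg_len)` against the buffer end before computing the next pointer; that keeps the bounds check for received data while never reading the uninitialized `cmsg_len` of the header being constructed. Separately, the hunk as posted does not match its `@@ -30,9 +30,7 @@` header: the `- + mhdr->msg_controllen)` line lacks the `mhdr->msg_control` operand shown in the other removed line, and the `return NULL` context is missing, so it will not apply cleanly as-is.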
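As an added example (not code from the original message or from glibc), the following shows the two sides of the issue described above: a sender that links two headers with CMSG_NXTHDR on a zeroed buffer, so a CMSG_NXTHDR that peeks at the next header's `cmsg_len` sees 0 rather than garbage, and a receiver that treats every `cmsg_len` as untrusted input. It assumes a Linux/glibc `<sys/socket.h>`; the descriptor values 3 and 4 are constructed and nothing is actually sent.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Sender side: link two SCM_RIGHTS headers with CMSG_NXTHDR.  The buffer is
   zeroed first, so if CMSG_NXTHDR inspects the not-yet-written cmsg_len of the
   second header it sees 0, not garbage, and does not spuriously return NULL.
   Returns the number of headers linked (2 on success). */
static int build_two_cmsgs(unsigned char *buf, size_t len, int fd1, int fd2)
{
    int fds[2] = { fd1, fd2 }, n = 0;           /* constructed fd values */
    struct msghdr mh = { 0 };
    struct cmsghdr *c;
    memset(buf, 0, len);                        /* every cmsg_len starts at 0 */
    mh.msg_control = buf; mh.msg_controllen = len;
    for (c = CMSG_FIRSTHDR(&mh); c != NULL && n < 2; c = CMSG_NXTHDR(&mh, c)) {
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof fds[n]);  /* set before the next NXTHDR */
        memcpy(CMSG_DATA(c), &fds[n], sizeof fds[n]);
        n++;
    }
    return n;
}

/* Receiver side: treat every cmsg_len as untrusted.  A header claiming more
   bytes than remain in the buffer ends the walk before its payload is read.
   Returns the number of headers that passed the check. */
static int count_valid_cmsgs(unsigned char *buf, size_t len)
{
    struct msghdr mh = { 0 };
    struct cmsghdr *c;
    int n = 0;
    mh.msg_control = buf; mh.msg_controllen = len;
    for (c = CMSG_FIRSTHDR(&mh); c != NULL; c = CMSG_NXTHDR(&mh, c)) {
        size_t left = (size_t)(buf + len - (unsigned char *)c);
        if (c->cmsg_len < sizeof(struct cmsghdr) || c->cmsg_len > left)
            break;                              /* truncated or corrupt header */
        n++;
    }
    return n;
}

/* Build as a sender would, optionally overwrite the second header's cmsg_len as
   a corrupt incoming message might, then count what the receiver accepts. */
static int roundtrip_count(int corrupt)
{
    union { unsigned char b[2 * CMSG_SPACE(sizeof(int))]; struct cmsghdr a; } u;
    if (build_two_cmsgs(u.b, sizeof u.b, 3, 4) != 2)
        return -1;
    if (corrupt)   /* second header now claims the whole buffer length */
        ((struct cmsghdr *)(u.b + CMSG_SPACE(sizeof(int))))->cmsg_len = sizeof u.b;
    return count_valid_cmsgs(u.b, sizeof u.b);
}
```

`roundtrip_count(0)` returns 2 (both headers linked and accepted); `roundtrip_count(1)` returns 1, because the receiver stops at the header whose `cmsg_len` overruns the buffer, whichever CMSG_NXTHDR variant the C library provides.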