This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Problem with CMSG_NXTHDR

Hello, I believe that the implementation of CMSG_NXTHDR is flawed in
sysdeps/unix/bsd/bsd4.4/bits/socket.h and
sysdeps/unix/sysv/linux/cmsg_nxthdr.c. The reason is the use of cmsg_len
of the header that is to be returned. This is fine for a received
message, since everything is already in the header structs.

However, if we use CMSG_NXTHDR to initialize a new control message to be
sent using sendmsg (as Stevens/Rago does in Advanced Programming in the
UNIX Environment, second edition, section 17.4), the data here may not
be initialized yet.

We use CMSG_NXTHDR to get a pointer to the header with the data that
we're about to initialize, so it can't be right to use this data inside
CMSG_NXTHDR. I think this extra check should be removed, as it is in the
version in the linux kernel (linux/socket.h).

Diff from sysdeps/unix/sysv/linux:

@@ -30,9 +30,7 @@
   cmsg = (struct cmsghdr *) ((unsigned char *) cmsg
                             + CMSG_ALIGN (cmsg->cmsg_len));
   if ((unsigned char *) (cmsg + 1) > ((unsigned char *)
-                                     + mhdr->msg_controllen)
-      || ((unsigned char *) cmsg + CMSG_ALIGN (cmsg->cmsg_len)
-         > ((unsigned char *) mhdr->msg_control +
+                                     + mhdr->msg_controllen))
     /* No more entries.  */
     return NULL;
   return cmsg;

/Jonatan Nilsson

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]