Re: [PATCH 1/2] c/r: Do not crash if socket has no peercred

Oren Laadan <orenl@xxxxxxxxxxxxxxx> · Fri, 25 Mar 2011 22:08:15 -0400

Pulled for ckpt-v23-rc2.

Oren.

On 02/07/2011 11:42 AM, Dan Smith wrote:
> Unconnected sockets don't have a valid sk_peercred yet.  If we checkpoint
> them, we'll segv on the NULL pointer.
> 
> Signed-off-by: Dan Smith <danms@xxxxxxxxxx>
> ---
>  net/unix/checkpoint.c |   52 +++++++++++++++++++++++++++---------------------
>  1 files changed, 29 insertions(+), 23 deletions(-)
> 
> diff --git a/net/unix/checkpoint.c b/net/unix/checkpoint.c
> index 708df40..25464cc 100644
> --- a/net/unix/checkpoint.c
> +++ b/net/unix/checkpoint.c
> @@ -159,16 +159,19 @@ int unix_checkpoint(struct ckpt_ctx *ctx, struct socket *sock)
>  		goto out;
>  	}
>  
> -	/*
> -	 * intentionally drop 'const' qualifier for checkpoint_obj() to
> -	 * increment the usage count - it does not alter the credentials.
> -	 */
> -	cred = (struct cred *) get_cred(sock->sk->sk_peer_cred);
> -	un->peercred = checkpoint_obj(ctx, cred, CKPT_OBJ_CRED);
> -	put_cred(cred);
> -	if (un->peercred < 0) {
> -		ret = un->peercred;
> -		goto out;
> +	if (sock->sk->sk_peer_cred) {
> +		/*
> +		 * intentionally drop 'const' qualifier for
> +		 * checkpoint_obj() to increment the usage count - it
> +		 * does not alter the credentials.
> +		 */
> +		cred = (struct cred *) get_cred(sock->sk->sk_peer_cred);
> +		un->peercred = checkpoint_obj(ctx, cred, CKPT_OBJ_CRED);
> +		put_cred(cred);
> +		if (un->peercred < 0) {
> +			ret = un->peercred;
> +			goto out;
> +		}
>  	}
>  
>  	ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) un);
> @@ -438,19 +441,22 @@ static int unix_restore_connected(struct ckpt_ctx *ctx,
>  		addrlen = un->laddr_len;
>  	}
>  
> -	cred = ckpt_obj_fetch(ctx, un->peercred, CKPT_OBJ_CRED);
> -	if (!cred) {
> -		ckpt_err(ctx, -EINVAL, "%(O)Bad peer cred\n", un->peercred);
> -		return -EINVAL;
> -	}
> -
> -	if (may_setuid(ctx->realcred->user->user_ns, cred->uid) &&
> -	    may_setgid(cred->gid)) {
> -		set_peercred(sk, task_tgid(current), cred);
> -	} else {
> -		ckpt_err(ctx, -EPERM, "peercred %i:%i would require setuid",
> -			 cred->uid, cred->gid);
> -		return -EPERM;
> +	if (un->peercred) {
> +		cred = ckpt_obj_fetch(ctx, un->peercred, CKPT_OBJ_CRED);
> +		if (!cred) {
> +			ckpt_err(ctx, -EINVAL,
> +				 "%(O)Bad peer cred\n", un->peercred);
> +			return -EINVAL;
> +		}
> +		if (may_setuid(ctx->realcred->user->user_ns, cred->uid) &&
> +		    may_setgid(cred->gid)) {
> +			set_peercred(sk, task_tgid(current), cred);
> +		} else {
> +			ckpt_err(ctx, -EPERM,
> +				 "peercred %i:%i would require setuid",
> +				 cred->uid, cred->gid);
> +			return -EPERM;
> +		}
>  	}
>  
>  	if (!dead && (un->peer > 0)) {
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers