Re: struct sockaddr_storage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Rick,

On 1/24/23 12:16, Rich Felker wrote:

On Fri, Jan 20, 2023 at 12:06:50PM +0200, Stefan Puiu via Libc-alpha wrote:

Hi Alex,

On Thu, Jan 19, 2023 at 4:14 PM Alejandro Colomar
<alx.manpages@xxxxxxxxx> wrote:


Hi!

I just received a report about struct sockaddr_storage in the man pages.  It
reminded me of some concern I've always had about it: it doesn't seem to be a
usable type.

It has some alignment promises that make it "just work" most of the time, but
it's still a UB mine, according to ISO C.

According to strict aliasing rules, if you declare a variable of type 'struct
sockaddr_storage', that's what you get, and trying to access it later as some
other sockaddr_8 is simply not legal.  The compiler may assume those accesses
can't happen, and optimize as it pleases.


Can you detail the "is not legal" part? How about the APIs like
connect() etc that use pointers to struct sockaddr, where the
underlying type is different, why would that be legal while using
sockaddr_storage isn't?


Because they're specified to take different types. In C, any struct
pointer type can legally point to any other struct type. You just
can't dereference through it with the wrong type.
Yep. Which basically means that users need to treat sockaddr structures as black boxes. Otherwise, there's going to be undefined behavior at some point. Because of course, you can't know the right type before reading the first field, which is already UB. 


How the
implementation of connect etc. handle this is an implementation
detail. You're allowed to pass pointers to struct sockaddr_in, etc. to
connect etc. simply because the specification says you are.
While the implementation has some more freedom regarding UB, in this case it's waiting for a compiler optimization to break this code, so I'd go the safe way and use standard C techniques in libc so that there are no long-term UB issues.
As a side effect, user code that currently invokes UB could be changed to have defined behavior. 



In any case, sockaddr_storage is a legacy thing designed by folks who
didn't understand the rules of the C language. It should never appear
in modern code except perhaps with sizeof for allocting buffers. There
is no action that needs to be taken here except documenting that it
should not be used (cannot be used meaningfully without UB).
I agree with you on this. sockaddr_storage has been broken since day 0. However, for designing a solution for libc using unions, it could be useful. 



Rich


Cheers,

Alex

--
<http://www.alejandro-colomar.es/>

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux