Re: Question about verify_area() removal from socket.c

   From: "Robert Williamson" <robbiew@us.ibm.com>
   Date: Wed, 5 Dec 2001 16:33:04 -0600
   
   Looking at the code for "recvfrom", I can add the
   following two lines after line 1253:
      1251         sock = sockfd_lookup(fd, &err);
      1252         if (!sock)
      1253                 goto out;
   ***1254       err2 = verify_area(VERIFY_WRITE, ubuf, size);
   ***1255         if ( err2 ) return -EFAULT;
   
   to handle the situation.
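
Review bot: the added line 1255 leaves the function with a bare "return -EFAULT" after sockfd_lookup() at line 1251 has already succeeded, whereas the failure branch at lines 1252-1253 exits through "goto out". sockfd_lookup() takes a reference that the normal exit path has to drop, so an early return here skips that release. Assign the error to the existing "err" and jump to the cleanup path that releases the socket instead. The extra "err2" variable is unnecessary, and the "if ( err2 )" spacing does not match the surrounding lines.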

Firstly, I think it would be perfectly valid to pass in a NULL 'ubuf'
and a zero 'size' just to get the 'addr'+'addr_len' components or to
just obtain a socket error.  The generic socket layer is no place for
policy like checking the validity of user pointers.

Furthermore, out of bounds pointer checking is not guaranteed, not by
the BSD socket API and not by any standard out there.  It is always
undefined behavior when you pass in bad pointers to the kernel.
For example, if you call write() on "/dev/null" with a bad pointer
it will not give you EFAULT.  It will always return the "count" you
give to it.

In short, the LTP test needs to be fixed.

Franks a lot,
David S. Miller
davem@redhat.com
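
The behaviour described in the reply above, as an added example that is not part of the original message or of the kernel source: a small Linux user-space probe showing that a bad pointer only yields EFAULT where the kernel actually copies through it, and that recvfrom() with a NULL buffer and zero size is a valid call. The function names and the unmapped-page trick are this example's own assumptions.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed bad pointer: map one page, unmap it, and keep the stale address. */
static void *unmapped_ptr(void) {
    void *p = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    munmap(p, 4096);
    return p;
}

/* /dev/null never reads the buffer, so write() reports 'count' even for a bad pointer. */
ssize_t devnull_write_bad_ptr(size_t count) {
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, unmapped_ptr(), count);
    close(fd);
    return n;
}

/* A pipe has to copy the data in, so here the fault surfaces. Returns errno, or 0 on success. */
int pipe_write_bad_ptr_errno(void) {
    int pfd[2];
    if (pipe(pfd) < 0) return -1;
    ssize_t n = write(pfd[1], unmapped_ptr(), 16);
    int e = (n < 0) ? errno : 0;
    close(pfd[0]); close(pfd[1]);
    return e;
}

/* recvfrom() with NULL buffer and zero size: accepted, and it consumes the queued datagram. */
ssize_t recvfrom_null_zero(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    ssize_t n = -1;
    if (send(sv[0], "ping", 4, 0) == 4) n = recvfrom(sv[1], NULL, 0, 0, NULL, NULL);
    close(sv[0]); close(sv[1]);
    return n;
}

int main(void) {
    printf("devnull=%zd pipe_errno=%d recvfrom=%zd\n", devnull_write_bad_ptr(4096),
           pipe_write_bad_ptr_errno(), recvfrom_null_zero());
    return 0;
}
```

A test that expects EFAULT from every call given a bad pointer is therefore checking implementation detail of one code path, not an interface guarantee.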