We should specific the domain in sanitise_socket(). If out side it, we may get unrelated type and protocol.
Signed-off-by: Hangbin Liu <liuhangbin@xxxxxxxxx>
---
 sockets.c | 9 +--------
 syscalls/socket.c | 13 ++++++++++---
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/sockets.c b/sockets.c
index d47da38..7eade96 100644
--- a/sockets.c
+++ b/sockets.c
@@ -105,14 +105,7 @@ void generate_sockets(void)
 /* Pretend we're child 0 and we've called sys_socket */
 sanitise_socket(0);
- //FIXME: If we passed a specific domain, we want to sanitise
- // the proto/type fields. Split it out of sanitise_socket()
-
- if (do_specific_proto == TRUE)
- domain = specific_proto;
- else
- domain = shm->a1[0];
-
+ domain = shm->a1[0];
 type = shm->a2[0];
 protocol = shm->a3[0];
diff --git a/syscalls/socket.c b/syscalls/socket.c
index 2d9d6b9..26e3a6e 100644
--- a/syscalls/socket.c
+++ b/syscalls/socket.c
@@ -16,6 +16,7 @@
 #include "sanitise.h"
 #include "shm.h"
 #include "config.h"
+#include "params.h"
 #ifdef USE_CAIF
 #include <linux/caif/caif_socket.h>
@@ -41,9 +42,15 @@ static int ax25_protocols[NR_AX25_PROTOS] = {
 /* note: also called from generate_sockets() & sanitise_socketcall() */
 void sanitise_socket(int childno)
 {
- unsigned long family = rand() % PF_MAX;
- unsigned long type= rand() % TYPE_MAX;
- unsigned long protocol = rand() % PROTO_MAX;
+ unsigned long family, type, protocol;
+
+ if (do_specific_proto == TRUE)
+ family = specific_proto;
+ else
+ family = rand() % PF_MAX;
+
+ type = rand() % TYPE_MAX;
+ protocol = rand() % PROTO_MAX;
 switch (family) {
--
1.8.1.4
--
To unsubscribe from this list: send the line "unsubscribe trinity" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
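Review bot: `domain = shm->a1[0];` in generate_sockets() now silently depends on sanitise_socket(0) having applied do_specific_proto and stored the result in child 0's slot. The removed FIXME was the only text describing that link, and the store itself is not visible in this hunk. A short comment above the three reads would keep the coupling visible, for example `/* sanitise_socket() applies do_specific_proto; read back the family it chose */`. generate_sockets() starts and ends outside the hunk.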
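Review bot: `family = specific_proto;` in sanitise_socket() skips the `% PF_MAX` bound that the random path applies, so the value reaches `switch (family)` and any later consumer without a range check in this function. If the option parsing (not shown on this page) does not already reject values at or above PF_MAX, tightening the condition to `if (do_specific_proto == TRUE && specific_proto < PF_MAX)` would keep both paths in the same range. The existing comment notes that sanitise_socketcall() also calls this function, so the pinned family presumably applies there as well; that is worth recording next to it, e.g. `/* family is pinned to specific_proto when do_specific_proto is set */`. The function body continues past the end of the hunk.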