Opened 11 years ago
Closed 11 years ago
#9943 closed bug (duplicate)
bind and connect don't use the length argument in Unix sockets
Reported by: | Anarchos | Owned by: | axeld |
---|---|---|---|
Priority: | normal | Milestone: | R1 |
Component: | Network & Internet/Stack | Version: | R1/Development |
Keywords: | bind length | Cc: | |
Blocked By: | | Blocking: | |
Platform: | x86 | | |
Description
In the Unix network protocol suite, bind and connect don't seem to take the length argument into account.
Attachments (1)
Change History (6)
by , 11 years ago
Attachment: | 0001-Add-length-paramter-to-bind-and-connect.patch added |
---|
comment:1 by , 11 years ago
patch: | 0 → 1 |
---|
comment:2 by , 11 years ago
The attached patch is for academic purposes only right now since applying it breaks networking.
comment:3 by , 11 years ago
Please have a look at the sockaddr structure, specifically its sa_len field.
Long story short, I have no idea what this ticket is about.
comment:4 by , 11 years ago
I hope Anarchos comes back with some more details about the problem he's having; it has something to do with problems experienced while porting the OCaml debugger to Haiku.
Relevant IRC log details:
ret = bind(Int_val(socket), &addr.s_gen, addr_len); // Int_val(socket) = 24 and addr.s_gen = 1^9^/tmp/camldebug10216 and addr_len=21
it creates a file "/tmp/camldebug10216nj[0m"
it is likely that the len should be 22 to take the null character into account
its length is offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1, and sun_path contains the null-terminated pathname.
File name is now correct with the +1, but it still says that it cannot connect to it. And I notice that the permissions are srw-r--r--
It seems BSD accepts it because you give a length to bind anyway
(reading bytes after the specified length is a bug in any case, we should either add an \0 if it's missing, or just fail with EINVAL or so)
This code comes from official source code of the OCaml debugger, and does not cause troubles on the other platform, so it seems all the other OS add the null character...
bind makes the correct file name yes, with "srw-r--r--" permission but the rest of the program still crashes.
If I inspect memory with Debugger/Inspect, I see the \0, but the length passed doesn't extend to it, so I guess we do a memcopy with it in a buffer, and forgot to copy the \0
The problem is that the \0 gets lost so at some point there is something copying the data using the given length but then we switch to sizeof(struct) instead and the place where the string ends gets lost and likely use min(size, strlen(struct.name)) as the actual size at this point.
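The length rule and the fallback discussed in the IRC log (add the missing \0, or fail with EINVAL), as an added C example that is not part of the ticket, the attached patch or Haiku's network stack; `unix_addr_init`, `unix_addr_path` and `SUN_HDR` are hypothetical names. The receiving helper reads only the `len` bytes the caller supplied, so stale bytes after a short address never reach the file name.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#define SUN_HDR offsetof(struct sockaddr_un, sun_path)

/* Caller side: fill *addr and return the length for bind()/connect(),
 * counting the terminating NUL. Returns 0 if the path does not fit. */
socklen_t unix_addr_init(struct sockaddr_un *addr, const char *path)
{
    size_t n = strlen(path);
    if (n == 0 || n >= sizeof(addr->sun_path))
        return 0;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, n + 1);
    return (socklen_t)(SUN_HDR + n + 1);
}

/* Receiver side (hypothetical helper): copy the path out of the first `len`
 * bytes only, adding a missing NUL in `out`; EINVAL for anything else. */
int unix_addr_path(const struct sockaddr *sa, socklen_t len,
                   char *out, size_t outsize)
{
    if (sa == NULL || len <= SUN_HDR || len > sizeof(struct sockaddr_un) ||
        sa->sa_family != AF_UNIX)
        return EINVAL;
    const char *p = (const char *)sa + SUN_HDR;
    size_t avail = len - SUN_HDR;
    const char *nul = memchr(p, '\0', avail);   /* search bounded by len */
    size_t n = nul ? (size_t)(nul - p) : avail;
    if (n == 0 || n >= outsize)
        return EINVAL;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    struct sockaddr_un a;
    char out[sizeof(a.sun_path) + 1];
    socklen_t len = unix_addr_init(&a, "/tmp/camldebug10216");
    /* len - 1 is the short length from the log (terminator not counted) */
    int rc = unix_addr_path((struct sockaddr *)&a, len - 1, out, sizeof(out));
    printf("len=%u rc=%d path=%s\n", (unsigned)len, rc, rc ? "" : out);
    return 0;
}
```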
Add length parameter to bind() and connect()