On Thu, Feb 21, 2019 at 02:57:23AM +0000, [email protected] wrote:
> 
> Hi Linux emulation experts,
> 
> I find a potential issue on FreeBSD 12 official release for Linux emulation 
> syscall.
> 
> The function 'linux_getsockname' in 'linux_socket.c' calls 
> 'bsd_to_linux_sockaddr', and it calls 'bsd_to_linux_domain' to convert 
> 'sa_family' from BSD domain to Linux domain.
> 
> But after calling 'bsd_to_linux_sockaddr', 'linux_sa_put' is called, and it 
> calls 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to Linux 
> domain again.
> But the 'sa_family' has already been converted.
> Since the values of AF_INET6 and LINUX_AF_INET6 are different, converting 
> twice will cause an issue. 

This code is definitely unsafe.  I'd opened a bug to track some of these
issues a little while ago at:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232920.

Would you mind pasting your analysis into that report?

Do you have a simple test case?  I only hit the issue while auditing
some general code and so was leery about trying to fix unfamiliar code
without one.

Thanks,
Brooks

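The double conversion described in the quoted report, modelled in C as an added example (this is not FreeBSD's code). The family values are written out as local constants so the example builds on any host: FreeBSD's AF_INET6 is 28 while Linux's is 10, and AF_INET is 2 on both, which is why the report only notices the problem for IPv6. The two struct layouts and the model_* functions are simplified stand-ins for bsd_to_linux_sockaddr() and linux_sa_put(), not their real bodies, and the -1 result for an unknown family is an assumption of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed family values: BSD side from FreeBSD sys/socket.h, Linux side from
 * the Linux ABI.  Written out here so the example does not depend on the
 * host's headers (on a Linux host AF_INET6 would already be 10). */
enum { BSD_AF_UNSPEC = 0, BSD_AF_UNIX = 1, BSD_AF_INET = 2, BSD_AF_INET6 = 28 };
enum { LINUX_AF_UNSPEC = 0, LINUX_AF_UNIX = 1, LINUX_AF_INET = 2, LINUX_AF_INET6 = 10 };

/* Minimal models of the two sockaddr layouts: BSD has a length byte before a
 * one-byte family, Linux has a 16-bit family. */
struct bsd_sockaddr   { uint8_t  sa_len; uint8_t sa_family; uint8_t sa_data[14]; };
struct linux_sockaddr { uint16_t sa_family; uint8_t sa_data[14]; };

/* Model of the domain mapping: BSD family in, Linux family out, -1 if unknown. */
static int bsd_to_linux_domain(int bsd_domain)
{
    switch (bsd_domain) {
    case BSD_AF_UNSPEC: return LINUX_AF_UNSPEC;
    case BSD_AF_UNIX:   return LINUX_AF_UNIX;
    case BSD_AF_INET:   return LINUX_AF_INET;
    case BSD_AF_INET6:  return LINUX_AF_INET6;
    default:            return -1;   /* assumption: unknown families fail */
    }
}

/* Step 1, stand-in for bsd_to_linux_sockaddr(): rewrite the BSD header into
 * the Linux layout, converting sa_family exactly once. */
static int model_bsd_to_linux_sockaddr(const struct bsd_sockaddr *in,
                                       struct linux_sockaddr *out)
{
    int fam = bsd_to_linux_domain(in->sa_family);
    if (fam < 0)
        return -1;
    out->sa_family = (uint16_t)fam;
    memcpy(out->sa_data, in->sa_data, sizeof(out->sa_data));
    return 0;
}

/* Step 2, flawed stand-in for linux_sa_put(): treats sa_family as if it were
 * still a BSD value and converts it a second time.  For AF_INET the value is
 * the same on both sides so nothing visible happens; for AF_INET6 the already
 * converted value 10 is not a BSD family the mapping knows, so it fails. */
static int model_linux_sa_put_flawed(struct linux_sockaddr *sa)
{
    int fam = bsd_to_linux_domain(sa->sa_family);   /* BUG: double conversion */
    if (fam < 0)
        return -1;
    sa->sa_family = (uint16_t)fam;
    return 0;
}

/* Corrected stand-in: the address is already in Linux form, so the copy-out
 * step must not touch sa_family again. */
static int model_linux_sa_put_fixed(struct linux_sockaddr *sa)
{
    (void)sa;
    return 0;
}

/* Run the getsockname-style sequence for one BSD family and return the
 * sa_family the Linux process would observe, or -1 if the path fails. */
static int getsockname_family(uint8_t bsd_family, int fixed)
{
    struct bsd_sockaddr bsd = { .sa_len = sizeof bsd, .sa_family = bsd_family };
    struct linux_sockaddr lsa;
    if (model_bsd_to_linux_sockaddr(&bsd, &lsa) < 0)
        return -1;
    int rc = fixed ? model_linux_sa_put_fixed(&lsa) : model_linux_sa_put_flawed(&lsa);
    if (rc < 0)
        return -1;
    return lsa.sa_family;
}

int main(void)
{
    const uint8_t fams[] = { BSD_AF_UNIX, BSD_AF_INET, BSD_AF_INET6 };
    const char *names[]  = { "AF_UNIX", "AF_INET", "AF_INET6" };
    for (size_t i = 0; i < sizeof fams / sizeof fams[0]; i++)
        printf("%-9s bsd=%2u  flawed=%3d  fixed=%3d\n", names[i], fams[i],
               getsockname_family(fams[i], 0), getsockname_family(fams[i], 1));
    return 0;
}
```

The check worth keeping from this is the last assertion below: a correct domain mapping applied to a value it has already produced should never be treated as valid input, so any helper that converts in place needs to be called exactly once on each address, and a test that round-trips AF_INET alone will not catch a second call.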