On Tue, Feb 26, 2019 at 05:01:54AM +0000, [email protected] wrote:
> > From: Brooks Davis <[email protected]>
> > Sent: Tuesday, February 26, 2019 2:45 AM
> > To: Chen, Weike <[email protected]>
> > Cc: [email protected]
> > Subject: Re: Potential issues for linux socket syscall
> >
> > On Thu, Feb 21, 2019 at 02:57:23AM +0000, [email protected] wrote:
> > >
> > > Hi Linux emulation experts,
> > >
> > > I find a potential issue on FreeBSD 12 official release for Linux
> > > emulation syscall.
> > >
> > > The function 'linux_getsockname' in 'linux_socket.c' calls
> > > 'bsd_to_linux_sockaddr', and it calls 'bsd_to_linux_domain' to convert
> > > 'sa_family' from BSD domain to Linux domain.
> > >
> > > But after calling 'bsd_to_linux_sockaddr', 'linux_sa_put' is called, and
> > > it calls 'bsd_to_linux_domain' to convert 'sa_family' from BSD domain to
> > > Linux domain again.
> > > But the 'sa_family' has already been converted.
> > > Since the value of AF_INET6 and LINUX_AF_INET6 is different, converting
> > > twice will cause an issue.
> >
> > This code is definitely unsafe. I'd opened a bug to track some of these
> > issues a little while ago at:
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232920.
> >
> > Would you mind pasting your analysis into that report?
>
> I have pasted the analysis with the case and testing result on freebsd and
> linux.

Thanks!

-- Brooks

> > Do you have a simple test case? I only hit the issue while auditing some
> > general code and so was leery about trying to fix unfamiliar code without
> > one.
> >
> > Thanks,
> > Brooks
>
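The thread describes the bug only in prose, so here is an added example, written for this page and not taken from the FreeBSD tree or from either poster, that models the double conversion of `sa_family`: a constructed stand-in for `bsd_to_linux_domain`, the convert-twice path that `linux_getsockname` followed by `linux_sa_put` would take, and a guard that converts exactly once. The lookup table is an assumed subset and the `-1` for unknown families is assumed; only the two AF_INET6 constants (FreeBSD 28, Linux 10) are real values.

```c
#include <stdio.h>

/* Constructed subset of the two family tables (assumption, not the real
 * FreeBSD switch). AF_INET6 differs between the ABIs; 0/1/2 do not. */
#define BSD_AF_UNSPEC     0
#define BSD_AF_LOCAL      1
#define BSD_AF_INET       2
#define BSD_AF_INET6     28   /* real FreeBSD value */
#define LINUX_AF_UNSPEC   0
#define LINUX_AF_LOCAL    1
#define LINUX_AF_INET     2
#define LINUX_AF_INET6   10   /* real Linux value */

/* Model of bsd_to_linux_domain(): BSD family in, Linux family out,
 * -1 for anything it does not recognise (assumed behaviour). */
int model_bsd_to_linux_domain(int bdom)
{
    switch (bdom) {
    case BSD_AF_UNSPEC: return LINUX_AF_UNSPEC;
    case BSD_AF_LOCAL:  return LINUX_AF_LOCAL;
    case BSD_AF_INET:   return LINUX_AF_INET;
    case BSD_AF_INET6:  return LINUX_AF_INET6;
    default:            return -1;
    }
}

/* The flow the report describes: sa_family is converted by the sockaddr
 * conversion and then converted again on the way out. For AF_INET6 the
 * second pass is fed the Linux value 10, which is not a BSD family here. */
int convert_twice(int bsd_family)
{
    int once = model_bsd_to_linux_domain(bsd_family);
    return model_bsd_to_linux_domain(once);
}

/* One way to make the conversion safe to reach from two call sites: track
 * which encoding the value is in, instead of guessing from the number
 * (0, 1 and 2 would silently survive a second pass and hide the bug). */
struct family { int value; int is_linux; };

int convert_once(struct family *f)
{
    if (!f->is_linux) {
        f->value = model_bsd_to_linux_domain(f->value);
        f->is_linux = 1;
    }
    return f->value;
}

int main(void)
{
    struct family f = { BSD_AF_INET6, 0 };
    printf("twice: %d  once,once: %d %d\n", convert_twice(BSD_AF_INET6),
           convert_once(&f), convert_once(&f));
    return 0;
}
```

Families whose numbers coincide in both tables (UNSPEC, LOCAL, INET) pass the double conversion unchanged, which is why a test case needs an AF_INET6 socket to trigger the fault.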