Re: [Libcg-devel] [PATCH 2/2] cgrulesengd: Ignore netlink messages that don't come from the kernel.

Wed, 23 Feb 2011 03:42:25 -0800 

On 02/18/2011 02:55 AM, Nelson Elhage wrote:
> recvfrom() returns the address, it doesn't filter the packet based on the
> sender. We need to explicitly check the received address after the call 
> happens.
> 
> Signed-off-by: Nelson Elhage <nelh...@ksplice.com>
Acked-By: Jan Safranek <jsafr...@redhat.com>

> ---
>  src/daemon/cgrulesengd.c |   11 ++++-------
>  1 files changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> index 10fd2cd..5a965fd 100644
> --- a/src/daemon/cgrulesengd.c
> +++ b/src/daemon/cgrulesengd.c
> @@ -503,17 +503,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
>       struct sockaddr_nl from_nla;
>       socklen_t from_nla_len;
>       struct nlmsghdr *nlh;
> -     struct sockaddr_nl kern_nla;
>       struct cn_msg *cn_hdr;
>  
> -     kern_nla.nl_family = AF_NETLINK;
> -     kern_nla.nl_groups = CN_IDX_PROC;
> -     kern_nla.nl_pid = 1;
> -     kern_nla.nl_pad = 0;
> -
>       memset(buff, 0, sizeof(buff));
>       from_nla_len = sizeof(from_nla);
> -     memcpy(&from_nla, &kern_nla, sizeof(from_nla));
>       recv_len = recvfrom(sk_nl, buff, sizeof(buff), 0,
>               (struct sockaddr *)&from_nla, &from_nla_len);
>       if (recv_len == ENOBUFS) {
> @@ -523,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
>       if (recv_len < 1)
>               return 0;
>  
> +     if (from_nla.nl_groups != CN_IDX_PROC
> +         || from_nla.nl_pid != 0)
> +             return 0;
> +
>       nlh = (struct nlmsghdr *)buff;
>       while (NLMSG_OK(nlh, recv_len)) {
>               cn_hdr = NLMSG_DATA(nlh);


------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel

Reply via email to