We should specific the domain in sanitise_socket(). If out side it, we may get unrelated type and protocol.
Signed-off-by: Hangbin Liu <[email protected]> --- sockets.c | 9 +-------- syscalls/socket.c | 13 ++++++++++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/sockets.c b/sockets.c index d47da38..7eade96 100644 --- a/sockets.c +++ b/sockets.c @@ -105,14 +105,7 @@ void generate_sockets(void) /* Pretend we're child 0 and we've called sys_socket */ sanitise_socket(0); - //FIXME: If we passed a specific domain, we want to sanitise - // the proto/type fields. Split it out of sanitise_socket() - - if (do_specific_proto == TRUE) - domain = specific_proto; - else - domain = shm->a1[0]; - + domain = shm->a1[0]; type = shm->a2[0]; protocol = shm->a3[0]; diff --git a/syscalls/socket.c b/syscalls/socket.c index 2d9d6b9..26e3a6e 100644 --- a/syscalls/socket.c +++ b/syscalls/socket.c @@ -16,6 +16,7 @@ #include "sanitise.h" #include "shm.h" #include "config.h" +#include "params.h" #ifdef USE_CAIF #include <linux/caif/caif_socket.h> @@ -41,9 +42,15 @@ static int ax25_protocols[NR_AX25_PROTOS] = { /* note: also called from generate_sockets() & sanitise_socketcall() */ void sanitise_socket(int childno) { - unsigned long family = rand() % PF_MAX; - unsigned long type= rand() % TYPE_MAX; - unsigned long protocol = rand() % PROTO_MAX; + unsigned long family, type, protocol; + + if (do_specific_proto == TRUE) + family = specific_proto; + else + family = rand() % PF_MAX; + + type = rand() % TYPE_MAX; + protocol = rand() % PROTO_MAX; switch (family) { -- 1.8.1.4 -- To unsubscribe from this list: send the line "unsubscribe trinity" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
