[PATCH 1/2] sock: fix bitwise OR operation short circuit
JingPiao Chen
chenjingpiao at gmail.com
Mon Dec 19 15:33:46 UTC 2016
sock.c: 150
150 if (syserror(tcp) || umove(tcp, addr, &ifc) < 0) {
151 if (ifc.ifc_buf)
152 tprints("}");
153 else
154 printaddr(addr);
155 return RVAL_DECODED | 1;
156 }
Second enter function decode_ifconf(), if syserror(tcp) is true,
variable ifc is garbage value. "if (ifc.ifc_buf)" may be wrong.
example:
int main(void)
{
struct ifconf ifc;
ioctl(-1, SIOCGIFCONF, &ifc);
return 0;
}
strace -eioctl output:
ioctl(-1, SIOCGIFCONF, {41958240x7ffc354f9bc0) = -1 EBADF (Bad file
descriptor)
>From 5b2d4f12d61e5a03212de948508e830c9aeeef87 Mon Sep 17 00:00:00 2001
From: JingPiao Chen <chenjingpiao at gmail.com>
Date: Mon, 19 Dec 2016 23:08:09 +0800
Subject: [PATCH 1/2] sock: fix bitwise OR operation short circuit
* sock.c (decode_ifconf): Exchange the place of syserror() and umove().
---
sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sock.c b/sock.c
index cf13896..0bdb7a9 100644
--- a/sock.c
+++ b/sock.c
@@ -147,7 +147,7 @@ decode_ifconf(struct tcb *tcp, const long addr)
return 1;
}
- if (syserror(tcp) || umove(tcp, addr, &ifc) < 0) {
+ if (umove(tcp, addr, &ifc) < 0 || syserror(tcp)) {
if (ifc.ifc_buf)
tprints("}");
else
--
2.7.4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20161219/42cb4c18/attachment.html>
More information about the Strace-devel
mailing list