[PATCH 5/8] netlink: add a basic socket diag parser of AF_INET messages

Dmitry V. Levin ldv at altlinux.org
Wed Jun 14 20:23:37 UTC 2017


On Thu, Jun 15, 2017 at 12:02:08AM +0800, JingPiao Chen wrote:
> On Wed, Jun 14, 2017 at 06:52:38PM +0300, Dmitry V. Levin wrote:
> > On Wed, Jun 14, 2017 at 11:26:41PM +0800, JingPiao Chen wrote:
> > > On Tue, Jun 13, 2017 at 11:31:50PM +0300, Dmitry V. Levin wrote:
> > > > On Tue, Jun 13, 2017 at 10:13:22PM +0800, JingPiao Chen wrote:
> > > [...]
> > > > >  
> > > > > @@ -210,9 +214,127 @@ decode_packet_diag_msg(struct tcb *const tcp,
> > > > >  	return true;
> > > > >  }
> > > > >  
> > > > > +static void
> > > > > +print_inet_diag_sockid(const struct inet_diag_sockid *id, const uint8_t family)
> > > > > +{
> > > > > +	tprintf("{idiag_sport=htons(%u), idiag_dport=htons(%u)",
> > > > > +		ntohs(id->idiag_sport), ntohs(id->idiag_dport));
> > > > > +	int text_size = family == AF_INET ?
> > > > > +		INET_ADDRSTRLEN : INET6_ADDRSTRLEN;
> > > > > +	char buf[text_size];
> > > > > +
> > > > > +	inet_ntop(family, id->idiag_src, buf, text_size);
> > > > > +	tprintf(", inet_pton(%s, \"%s\", idiag_src)",
> > > > > +		family == AF_INET ? "AF_INET" : "AF_INET6", buf);
> > > > > +
> > > > > +	inet_ntop(family, id->idiag_dst, buf, text_size);
> > > > > +	tprintf(", inet_pton(%s, \"%s\", idiag_dst)",
> > > > > +		family == AF_INET ? "AF_INET" : "AF_INET6", buf);
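
Review bot: in print_inet_diag_sockid the return value of both inet_ntop calls is ignored, so for a family other than AF_INET or AF_INET6 the call fails and the tprintf that follows prints the uninitialized buf. The same two-way test sizes buf as INET6_ADDRSTRLEN and labels the output "AF_INET6" for every value that is not AF_INET. Suggest handling the two families explicitly and, when inet_ntop returns NULL, printing the raw idiag_src/idiag_dst bytes instead of buf.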
> > > > 
> > > > As "family" is untrusted input, we cannot assume it's either AF_INET or
> > > > AF_INET6.  In fact, inet_ntop currently supports AF_INET and AF_INET6
> > > > only, so I wouldn't bother invoking inet_ntop with any other address
> > > > family argument.
> > > 
> > > Now family is only AF_INET or AF_INET6. All the callers
> > > (decode_inet_diag_req_compat, decode_inet_diag_req_v2,
> > > decode_inet_diag_msg, decode_smc_diag_req, decode_smc_diag_msg)
> > > will pass AF_INET or AF_INET6. I update it, but cannot check
> > > the case where family is neither AF_INET nor AF_INET6.
> > 
> > Do you mean that "family" is guaranteed to be either AF_INET or AF_INET6
> > by the calling convention?
> 
> Yes.

OK, then you can assume it's either AF_INET or AF_INET6.
Anyway, you can code this defensively by checking inet_ntop return code.


-- 
ldv