diff options
| author | Florian Weimer <fweimer@redhat.com> | 2015-11-09 12:48:41 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2015-11-09 12:48:41 +0100 |
| commit | 2eecc8afd02d8c65cf098cbae4de87f332dc21bd (patch) | |
| tree | a36cb50020b3836a379e515af5d1874d8d8ea92f /ChangeLog | |
| parent | f3d18efb8a720121066dc3401e822043beb98cde (diff) | |
| download | glibc-2eecc8afd02d8c65cf098cbae4de87f332dc21bd.tar.xz glibc-2eecc8afd02d8c65cf098cbae4de87f332dc21bd.zip | |
Terminate process on invalid netlink response from kernel [BZ #12926]
The recvmsg system calls for netlink sockets have been particularly
prone to picking up unrelated data after a file descriptor race
(where the descriptor is closed and reopened concurrently in a
multi-threaded process, as the result of a file descriptor
management issue elsewhere). This commit adds additional error
checking and aborts the process if a datagram of unexpected length
(without the netlink header) is received, or an error code which
cannot happen due to the way the netlink socket is used.
[BZ #12926]
Terminate process on invalid netlink response.
* sysdeps/unix/sysv/linux/netlinkaccess.h
(__netlink_assert_response): Declare.
* sysdeps/unix/sysv/linux/netlink_assert_response.c: New file.
* sysdeps/unix/sysv/linux/Makefile [$(subdir) == inet]
(sysdep_routines): Add netlink_assert_response.
* sysdeps/unix/sysv/linux/check_native.c (__check_native): Call
__netlink_assert_response.
* sysdeps/unix/sysv/linux/check_pf.c (make_request): Likewise.
* sysdeps/unix/sysv/linux/ifaddrs.c (__netlink_request): Likewise.
* sysdeps/unix/sysv/linux/Versions (GLIBC_PRIVATE): Add
__netlink_assert_response.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -1,3 +1,19 @@ +2015-11-09 Florian Weimer <fweimer@redhat.com> + + [BZ #12926] + Terminate process on invalid netlink response. + * sysdeps/unix/sysv/linux/netlinkaccess.h + (__netlink_assert_response): Declare. + * sysdeps/unix/sysv/linux/netlink_assert_response.c: New file. + * sysdeps/unix/sysv/linux/Makefile [$(subdir) == inet] + (sysdep_routines): Add netlink_assert_response. + * sysdeps/unix/sysv/linux/check_native.c (__check_native): Call + __netlink_assert_response. + * sysdeps/unix/sysv/linux/check_pf.c (make_request): Likewise. + * sysdeps/unix/sysv/linux/ifaddrs.c (__netlink_request): Likewise. + * sysdeps/unix/sysv/linux/Versions (GLIBC_PRIVATE): Add + __netlink_assert_response. + 2015-11-07 H.J. Lu <hongjiu.lu@intel.com> [BZ #19178] |