Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net: Add the check that socket domain is equal to bound address type, when do bind. #9295

Merged
merged 1 commit into from May 17, 2023
Merged

net: Add the check that socket domain is equal to bound address type, when do bind. #9295

merged 1 commit into from May 17, 2023

Conversation

liqinhuixm
Copy link
Contributor

@liqinhuixm liqinhuixm commented May 16, 2023
edited by xiaoxiang781216

Summary

When bind the sockaddr, Check conn->domain and addr->sa_family. If they aren't equal, return an error early.
which can avoid the problem of stack buffer overflow.

Impact

Avoid an exception caused by using the bad address on binding.

Testing

When the socket of type AF_INET4, if the sockaddr of type AF_INET6 are used, the bind interface returns an error and does not cause any other exception.

@xiaoxiang781216 xiaoxiang781216 mentioned this pull request May 16, 2023
Closed
acassis
acassis reviewed May 16, 2023
View reviewed changes
net/tcp/tcp_conn.c Outdated Show resolved Hide resolved
net/udp/udp_conn.c Outdated Show resolved Hide resolved
@liqinhuixm
net: Add the check that socket domain is equal to bound address type,…
6b7caa7 
… when do bind.

When do socket bind, if the connection domain is not equal to the bound address type, this will cause the stack-buffer-overflow.

Signed-off-by: liqinhui <liqinhui@xiaomi.com>
@pkarashchenko pkarashchenko merged commit a9640ba into apache:master May 17, 2023
26 checks passed
@jerpelea jerpelea added this to To-Add in Release Notes - 12.2.0 Jun 13, 2023
@jerpelea jerpelea moved this from To-Add to In Progress in Release Notes - 12.2.0 Jun 26, 2023
@g2gps g2gps mentioned this pull request Jun 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@acassis acassis acassis left review comments

@pkarashchenko pkarashchenko pkarashchenko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
Release Notes - 12.2.0
In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@liqinhuixm @acassis @pkarashchenko