Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt()

[2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() · Wang Chen <hidden> · 2008-03-31
Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() · YOSHIFUJI Hideaki / 吉藤英明 <hidden> · 2008-03-31
Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() · Wang Chen <hidden> · 2008-03-31
Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() · YOSHIFUJI Hideaki / 吉藤英明 <hidden> · 2008-03-31
Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() · Wang Chen <hidden> · 2008-03-31
Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() · Wang Chen <hidden> · 2008-04-07
Re: [2.6 PATCH] IPV6: Check length of optval provided by user in setsockopt() · YOSHIFUJI Hideaki / 吉藤英明 <hidden> · 2008-04-11

From: Wang Chen <hidden>
Date: 2008-03-31 11:05:36

YOSHIFUJI Hideaki / 吉藤英明 said the following on 2008-3-31 18:53:

quoted

Check length of setsockopt's optval, which provided by user, before copy it
from user space.

Please use "<" not "==".

There are two reasons that why I only check whether
len of optval is equal to that one in user space.
1. We currently copy the entire structure from user
   to kernel.
2. In other cases, such as IPV6_LEAVE/JOIN_ANYCAST,
   we check whether the len is equal to struct's len.

So, Yoshifuji-san, can you tell me more about why we
should use "<"? :)

POSIX, as we have some comments in that file ;-).
If it is shorter than expected, -EINVAL, otherwise, no error.
We need to fix other sites as well.

ooh, I see.
I will take a business trip to Japan tomorrow and I will finish
this patch since I come back weekend.
Thank you for your explanation.

--WCN

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help