[PATCH] Compat32 setsockopt overzealous conversions

To: netdev@xxxxxxxxxxx
Subject: [PATCH] Compat32 setsockopt overzealous conversions
From: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Date: Tue, 07 Sep 2004 14:23:00 +0100
Cc: davem@xxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx

compat_sys_setsockopt() is a little overzealous about converting 32-bit
stuff into 64-bit. It should match on level _and_ optname, not just
optname. Currently it eats the IPV6_V6ONLY sockopt because its value
(26) happens to match SO_ATTACH_FILTER.

This makes it at least check 'level' for everything but
IPT_SO_SET_REPLACE == IPT6_SO_SET_REPLACE, because that does seem to be
the same in different levels. But do_netfilter_replace() is another can
of worms entirely -- it doesn't actually work either, because some
netfilter modules (like ipt_limit) include kernel-only bits which change
size in the structure they share with userspace. 

--- net/compat.c~       2004-08-14 06:37:15.000000000 +0100
+++ net/compat.c        2004-09-03 17:47:26.260926176 +0100
@@ -455,13 +455,15 @@
 asmlinkage long compat_sys_setsockopt(int fd, int level, int optname,
                                char __user *optval, int optlen)
+       /* SO_SET_REPLACE seems to be the same in all levels */
        if (optname == IPT_SO_SET_REPLACE)
                return do_netfilter_replace(fd, level, optname,
                                            optval, optlen);
-       if (optname == SO_ATTACH_FILTER)
+       if (level == SOL_SOCKET && optname == SO_ATTACH_FILTER)
                return do_set_attach_filter(fd, level, optname,
                                            optval, optlen);
-       if (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)
+       if (level == SOL_SOCKET &&
+           (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO))
                return do_set_sock_timeout(fd, level, optname, optval, optlen);
        return sys_setsockopt(fd, level, optname, optval, optlen);
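
Review bot: The first test, `if (optname == IPT_SO_SET_REPLACE)`, still matches on optname alone, so a call at any unrelated level whose option number equals IPT_SO_SET_REPLACE is still diverted into do_netfilter_replace(). That is the same collision this patch removes for SO_ATTACH_FILTER and SO_RCVTIMEO/SO_SNDTIMEO. The description says the value is shared between IPT_SO_SET_REPLACE and IPT6_SO_SET_REPLACE only, so the check could be limited to the levels those two are issued at, for example `(level == SOL_IP || level == SOL_IPV6) && optname == IPT_SO_SET_REPLACE`. The new comment's "all levels" would then be reworded to name those two. If the unguarded match is kept deliberately, the comment should say why, since a reader comparing it with the two guarded tests below will take it for an oversight.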

