This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.



Re: getaddrinfo security problem ?


On Tue, May 22, Philip.Blundell@pobox.com wrote:

> >I would vote for the first option, removing
> >it completly like BSD has done this.
> 
> That seems reasonable to me.  As far as I know nobody uses Unix sockets in
> this way.

Ok, I removed the gaih_local code completely; AF_UNIX is now no longer
supported by getaddrinfo, and we no longer have the security problems
with sockets in /tmp.

I append the patch for getaddrinfo.c and the test program.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE GmbH            Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
2001-05-23  Thorsten Kukuk  <kukuk@suse.de>

	* sysdeps/posix/getaddrinfo.c: Support for AF_UNIX removed
	* posix/tst-getaddrinfo.c: Remove AF_UNIX test

--- posix/tst-getaddrinfo.c
+++ posix/tst-getaddrinfo.c	2001/05/22 15:41:47
@@ -26,7 +26,7 @@
 static int
 do_test (void)
 {
-  const int family[3] = { AF_INET, AF_INET6, AF_UNIX };
+  const int family[2] = { AF_INET, AF_INET6 };
   int result = 0;
   int gaierr, index;
   struct addrinfo hints, *ai, *aitop;
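Review bot: Dropping AF_UNIX from `family[]` in do_test removes the coverage, but nothing asserts the new behaviour, so a later change that re-registers a PF_LOCAL handler (and with it the racy /tmp socket names the removed code produced) would pass this test unnoticed. Consider a negative case after the existing loop: set `hints.ai_family = AF_UNIX;` and require a non-zero return from getaddrinfo (presumably EAI_FAMILY; confirm against the handler-table fallthrough). The loop over `family` lies outside this hunk; if its bound is a literal 3 rather than `sizeof (family) / sizeof (family[0])`, it would now read past the array and needs updating too. do_test's body continues beyond the hunk.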
--- sysdeps/posix/getaddrinfo.c
+++ sysdeps/posix/getaddrinfo.c	2001/05/23 06:53:43
@@ -124,115 +124,6 @@
 	{ 0, PF_UNSPEC, 0, 0, 0, NULL, NULL, NULL };
 #endif
 
-
-static int
-gaih_local (const char *name, const struct gaih_service *service,
-	    const struct addrinfo *req, struct addrinfo **pai)
-{
-  struct utsname utsname;
-
-  if ((name != NULL) && (req->ai_flags & AI_NUMERICHOST))
-    return GAIH_OKIFUNSPEC | -EAI_NONAME;
-
-  if ((name != NULL) || (req->ai_flags & AI_CANONNAME))
-    if (uname (&utsname) < 0)
-      return -EAI_SYSTEM;
-
-  if (name != NULL)
-    {
-      if (strcmp(name, "localhost") &&
-	  strcmp(name, "local") &&
-	  strcmp(name, "unix") &&
-	  strcmp(name, utsname.nodename))
-	return GAIH_OKIFUNSPEC | -EAI_NONAME;
-    }
-
-  if (req->ai_protocol || req->ai_socktype)
-    {
-      const struct gaih_typeproto *tp = gaih_inet_typeproto + 1;
-
-      while (tp->name[0]
-	     && ((tp->protoflag & GAI_PROTO_NOSERVICE) != 0
-		 || (req->ai_socktype != 0 && req->ai_socktype != tp->socktype)
-		 || (req->ai_protocol != 0
-		     && !(tp->protoflag & GAI_PROTO_PROTOANY)
-		     && req->ai_protocol != tp->protocol)))
-	++tp;
-
-      if (! tp->name[0])
-	{
-	  if (req->ai_socktype)
-	    return (GAIH_OKIFUNSPEC | -EAI_SOCKTYPE);
-	  else
-	    return (GAIH_OKIFUNSPEC | -EAI_SERVICE);
-	}
-    }
-
-  *pai = malloc (sizeof (struct addrinfo) + sizeof (struct sockaddr_un)
-		 + ((req->ai_flags & AI_CANONNAME)
-		    ? (strlen(utsname.nodename) + 1): 0));
-  if (*pai == NULL)
-    return -EAI_MEMORY;
-
-  (*pai)->ai_next = NULL;
-  (*pai)->ai_flags = req->ai_flags;
-  (*pai)->ai_family = AF_LOCAL;
-  (*pai)->ai_socktype = req->ai_socktype ? req->ai_socktype : SOCK_STREAM;
-  (*pai)->ai_protocol = req->ai_protocol;
-  (*pai)->ai_addrlen = sizeof (struct sockaddr_un);
-  (*pai)->ai_addr = (void *) (*pai) + sizeof (struct addrinfo);
-
-#if SALEN
-  ((struct sockaddr_un *) (*pai)->ai_addr)->sun_len =
-    sizeof (struct sockaddr_un);
-#endif /* SALEN */
-
-  ((struct sockaddr_un *)(*pai)->ai_addr)->sun_family = AF_LOCAL;
-  memset(((struct sockaddr_un *)(*pai)->ai_addr)->sun_path, 0, UNIX_PATH_MAX);
-
-  if (service)
-    {
-      struct sockaddr_un *sunp = (struct sockaddr_un *) (*pai)->ai_addr;
-
-      if (strchr (service->name, '/') != NULL)
-	{
-	  if (strlen (service->name) >= sizeof (sunp->sun_path))
-	    return GAIH_OKIFUNSPEC | -EAI_SERVICE;
-
-	  strcpy (sunp->sun_path, service->name);
-	}
-      else
-	{
-	  if (strlen (P_tmpdir "/") + 1 + strlen (service->name) >=
-	      sizeof (sunp->sun_path))
-	    return GAIH_OKIFUNSPEC | -EAI_SERVICE;
-
-	  __stpcpy (__stpcpy (sunp->sun_path, P_tmpdir "/"), service->name);
-	}
-    }
-  else
-    {
-      /* This is a dangerous use of the interface since there is a time
-	 window between the test for the file and the actual creation
-	 (done by the caller) in which a file with the same name could
-	 be created.  */
-      char *buf = ((struct sockaddr_un *) (*pai)->ai_addr)->sun_path;
-
-      if (__builtin_expect (__path_search (buf, L_tmpnam, NULL, NULL, 0),
-			    0) != 0
-	  || __builtin_expect (__gen_tempname (buf, __GT_NOCREATE), 0) != 0)
-	return -EAI_SYSTEM;
-    }
-
-  if (req->ai_flags & AI_CANONNAME)
-    (*pai)->ai_canonname = strcpy ((char *) *pai + sizeof (struct addrinfo)
-				   + sizeof (struct sockaddr_un),
-				   utsname.nodename);
-  else
-    (*pai)->ai_canonname = NULL;
-  return 0;
-}
-
 static int
 gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
 	       const struct addrinfo *req, struct gaih_servtuple *st)
@@ -690,7 +581,6 @@
   {
     { PF_INET6, gaih_inet },
     { PF_INET, gaih_inet },
-    { PF_LOCAL, gaih_local },
     { PF_UNSPEC, NULL }
   };
 
