qiurui
/
glibc
mirror of git://sourceware.org/git/glibc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Terminate process on invalid netlink response from kernel [BZ #12926] 

The recvmsg system calls for netlink sockets have been particularly
prone to picking up unrelated data after a file descriptor race
(where the descriptor is closed and reopened concurrently in a
multi-threaded process, as the result of a file descriptor
management issue elsewhere).  This commit adds additional error
checking and aborts the process if a datagram of unexpected length
(without the netlink header) is received, or an error code which
cannot happen due to the way the netlink socket is used.

	[BZ #12926]
	Terminate process on invalid netlink response.
	* sysdeps/unix/sysv/linux/netlinkaccess.h
	(__netlink_assert_response): Declare.
	* sysdeps/unix/sysv/linux/netlink_assert_response.c: New file.
	* sysdeps/unix/sysv/linux/Makefile [$(subdir) == inet]
	(sysdep_routines): Add netlink_assert_response.
	* sysdeps/unix/sysv/linux/check_native.c (__check_native): Call
	__netlink_assert_response.
	* sysdeps/unix/sysv/linux/check_pf.c (make_request): Likewise.
	* sysdeps/unix/sysv/linux/ifaddrs.c (__netlink_request): Likewise.
	* sysdeps/unix/sysv/linux/Versions (GLIBC_PRIVATE): Add
	__netlink_assert_response.
This commit is contained in:
Florian Weimer 2015-11-09 12:48:41 +01:00
parent f3d18efb8a
commit 2eecc8afd0
9 changed files with 145 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
ChangeLog
View File

@ -1,3 +1,19 @@
2015-11-09 Florian Weimer <fweimer@redhat.com>
[BZ #12926]
Terminate process on invalid netlink response.
* sysdeps/unix/sysv/linux/netlinkaccess.h
(__netlink_assert_response): Declare.
* sysdeps/unix/sysv/linux/netlink_assert_response.c: New file.
* sysdeps/unix/sysv/linux/Makefile [$(subdir) == inet]
(sysdep_routines): Add netlink_assert_response.
* sysdeps/unix/sysv/linux/check_native.c (__check_native): Call
__netlink_assert_response.
* sysdeps/unix/sysv/linux/check_pf.c (make_request): Likewise.
* sysdeps/unix/sysv/linux/ifaddrs.c (__netlink_request): Likewise.
* sysdeps/unix/sysv/linux/Versions (GLIBC_PRIVATE): Add
__netlink_assert_response.
2015-11-07 H.J. Lu <hongjiu.lu@intel.com> 2015-11-07 H.J. Lu <hongjiu.lu@intel.com>
[BZ #19178] [BZ #19178]

8
NEWS
View File

@ -11,6 +11,14 @@ Version 2.23
the following new symbols are used: fts64_children, fts64_close, the following new symbols are used: fts64_children, fts64_close,
fts64_open, fts64_read and fts64_set. fts64_open, fts64_read and fts64_set.
* getaddrinfo now detects certain invalid responses on an internal netlink
socket. If such responses are received, an affected process will
terminate with an error message of "Unexpected error <number> on netlink
descriptor <number>" or "Unexpected netlink response of size <number> on
descriptor <number>". The most likely cause for these errors is a
multi-threaded application which erroneously closes and reuses the netlink
file descriptor while it is used by getaddrinfo.
* A defect in the malloc implementation, present since glibc 2.15 (2012) or * A defect in the malloc implementation, present since glibc 2.15 (2012) or
glibc 2.10 via --enable-experimental-malloc (2009), could result in the glibc 2.10 via --enable-experimental-malloc (2009), could result in the
unnecessary serialization of memory allocation requests across threads. unnecessary serialization of memory allocation requests across threads.

1
sysdeps/unix/sysv/linux/Makefile
View File

@ -151,6 +151,7 @@ sysdep_headers += netinet/if_fddi.h netinet/if_tr.h \
netipx/ipx.h netash/ash.h netax25/ax25.h netatalk/at.h \ netipx/ipx.h netash/ash.h netax25/ax25.h netatalk/at.h \
netrom/netrom.h netpacket/packet.h netrose/rose.h \ netrom/netrom.h netpacket/packet.h netrose/rose.h \
neteconet/ec.h netiucv/iucv.h neteconet/ec.h netiucv/iucv.h
sysdep_routines += netlink_assert_response
endif endif
# Don't compile the ctype glue code, since there is no old non-GNU C library. # Don't compile the ctype glue code, since there is no old non-GNU C library.

2
sysdeps/unix/sysv/linux/Versions
View File

@ -169,5 +169,7 @@ libc {
GLIBC_PRIVATE { GLIBC_PRIVATE {
# functions used in other libraries # functions used in other libraries
__syscall_rt_sigqueueinfo; __syscall_rt_sigqueueinfo;
# functions used by nscd
__netlink_assert_response;
} }
} }

2
sysdeps/unix/sysv/linux/check_native.c
View File

@ -35,6 +35,7 @@
#include <not-cancel.h> #include <not-cancel.h>
#include "netlinkaccess.h"
void void
__check_native (uint32_t a1_index, int *a1_native, __check_native (uint32_t a1_index, int *a1_native,
@ -117,6 +118,7 @@ __check_native (uint32_t a1_index, int *a1_native,
}; };
ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0)); ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0));
__netlink_assert_response (fd, read_len);
if (read_len < 0) if (read_len < 0)
goto out_fail; goto out_fail;

4
sysdeps/unix/sysv/linux/check_pf.c
View File

@ -36,6 +36,7 @@
#include <atomic.h> #include <atomic.h>
#include <nscd/nscd-client.h> #include <nscd/nscd-client.h>
#include "netlinkaccess.h"
#ifndef IFA_F_HOMEADDRESS #ifndef IFA_F_HOMEADDRESS
# define IFA_F_HOMEADDRESS 0 # define IFA_F_HOMEADDRESS 0
@ -164,7 +165,8 @@ make_request (int fd, pid_t pid)
}; };
ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0)); ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0));
if (read_len <= 0) __netlink_assert_response (fd, read_len);
if (read_len < 0)
goto out_fail; goto out_fail;
if (msg.msg_flags & MSG_TRUNC) if (msg.msg_flags & MSG_TRUNC)

1
sysdeps/unix/sysv/linux/ifaddrs.c
View File

@ -168,6 +168,7 @@ __netlink_request (struct netlink_handle *h, int type)
}; };
read_len = TEMP_FAILURE_RETRY (__recvmsg (h->fd, &msg, 0)); read_len = TEMP_FAILURE_RETRY (__recvmsg (h->fd, &msg, 0));
__netlink_assert_response (h->fd, read_len);
if (read_len < 0) if (read_len < 0)
goto out_fail; goto out_fail;

106
sysdeps/unix/sysv/linux/netlink_assert_response.c Normal file
View File

@ -0,0 +1,106 @@
/* Check recvmsg results for netlink sockets.
Copyright (C) 2015 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include "netlinkaccess.h"
static int
get_address_family (int fd)
{
struct sockaddr_storage sa;
socklen_t sa_len = sizeof (sa);
if (__getsockname (fd, (struct sockaddr *) &sa, &sa_len) < 0)
return -1;
/* Check that the socket family number is preserved despite in-band
signaling. */
_Static_assert (sizeof (sa.ss_family) < sizeof (int), "address family size");
_Static_assert (0 < (__typeof__ (sa.ss_family)) -1,
"address family unsigned");
return sa.ss_family;
}
void
internal_function
__netlink_assert_response (int fd, ssize_t result)
{
if (result < 0)
{
/* Check if the error is unexpected. */
bool terminate = false;
int error_code = errno;
int family = get_address_family (fd);
if (family != AF_NETLINK)
/* If the address family does not match (or getsockname
failed), report the original error. */
terminate = true;
else if (error_code == EBADF
|| error_code == ENOTCONN
|| error_code == ENOTSOCK
|| error_code == ECONNREFUSED)
/* These errors indicate that the descriptor is not a
connected socket. */
terminate = true;
else if (error_code == EAGAIN || error_code == EWOULDBLOCK)
{
/* The kernel might return EAGAIN for other reasons than a
non-blocking socket. But if the socket is not blocking,
it is not ours, so report the error. */
int mode = __fcntl (fd, F_GETFL, 0);
if (mode < 0 || (mode & O_NONBLOCK) != 0)
terminate = true;
}
if (terminate)
{
char message[200];
if (family < 0)
__snprintf (message, sizeof (message),
"Unexpected error %d on netlink descriptor %d",
error_code, fd);
else
__snprintf (message, sizeof (message),
"Unexpected error %d on netlink descriptor %d"
" (address family %d)",
error_code, fd, family);
__libc_fatal (message);
}
else
/* Restore orignal errno value. */
__set_errno (error_code);
}
else if (result < sizeof (struct nlmsghdr))
{
char message[200];
int family = get_address_family (fd);
if (family < 0)
__snprintf (message, sizeof (message),
"Unexpected netlink response of size %zd"
" on descriptor %d",
result, fd);
else
__snprintf (message, sizeof (message),
"Unexpected netlink response of size %zd"
" on descriptor %d (address family %d)",
result, fd, family);
__libc_fatal (message);
}
}
libc_hidden_def (__netlink_assert_response)

6
sysdeps/unix/sysv/linux/netlinkaccess.h
View File

@ -19,6 +19,7 @@
#define _NETLINKACCESS_H 1 #define _NETLINKACCESS_H 1
#include <stdint.h> #include <stdint.h>
#include <sys/types.h>
#include <asm/types.h> #include <asm/types.h>
#include <linux/netlink.h> #include <linux/netlink.h>
#include <linux/rtnetlink.h> #include <linux/rtnetlink.h>
@ -48,5 +49,10 @@ extern void __netlink_close (struct netlink_handle *h);
extern void __netlink_free_handle (struct netlink_handle *h); extern void __netlink_free_handle (struct netlink_handle *h);
extern int __netlink_request (struct netlink_handle *h, int type); extern int __netlink_request (struct netlink_handle *h, int type);
/* Terminate the process if RESULT is an invalid recvmsg result for
the netlink socket FD. */
void __netlink_assert_response (int fd, ssize_t result)
internal_function;
libc_hidden_proto (__netlink_assert_response)
#endif /* netlinkaccess.h */ #endif /* netlinkaccess.h */