Subject: Re: CVS commit: src/sys
To: David Young <dyoung@pobox.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-net
Date: 05/29/2007 19:14:21
On Tue, May 29, 2007 at 05:20:33PM -0500, David Young wrote:
>
> This seems like an awful lot of #ifdef'age to achieve very limited
> protection against stack smashing. Suppose the kernel copies to ifreq
> a sockaddr whose sa_len > sizeof(struct sockaddr_storage) ?

The kernel won't: sockaddr_storage is, by definition, large enough to
contain any protocol-specific sockaddr. That's what it's for.

The issue with kernel->user copies was truncation of addresses. The
stack-smashing issue involved legitimate programming practices like
trying to zero the entire sockaddr_dl "contained" in an ifreq...

--
Thor Lancelot Simon tls@rek.tjls.com
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract
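
Added example, not part of the original message or of the NetBSD source: a C sketch of the two problems named above, truncation when a link-layer address is copied into a slot sized for a generic sockaddr, and an out-of-bounds write when the whole sockaddr_dl "contained" in such a slot is zeroed. All `ex_` structs and functions are constructed for illustration, and their field layouts and sizes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed BSD-style layouts (assumed sizes); not copied from any kernel tree. */
struct ex_sockaddr    { uint8_t sa_len, sa_family; char sa_data[14]; };      /* 16 bytes */
struct ex_sockaddr_dl { uint8_t sdl_len, sdl_family; uint16_t sdl_index;
                        uint8_t sdl_type, sdl_nlen, sdl_alen, sdl_slen;
                        char sdl_data[12]; };                                /* 20 bytes */
struct ex_sockaddr_storage { uint8_t ss_len, ss_family; char ss_pad[126]; }; /* 128 bytes */

/* Request whose address slot is only a generic sockaddr. */
struct ex_ifreq_small { char ifr_name[16];
    union { struct ex_sockaddr ifru_addr; } ifr_ifru; };
/* Request whose address slot has room for any protocol-specific sockaddr. */
struct ex_ifreq_big { char ifr_name[16];
    union { struct ex_sockaddr ifru_addr; struct ex_sockaddr_storage ifru_space; } ifr_ifru; };

/* Copy a length-prefixed sockaddr into a slot of slot_size bytes without
 * writing past it. Returns the bytes copied; *truncated is set to 1 when
 * the source address did not fit and was cut short. */
size_t ex_copy_sockaddr(void *slot, size_t slot_size, const void *src, int *truncated)
{
    size_t len = ((const uint8_t *)src)[0];   /* the length field is the first byte */
    *truncated = len > slot_size;
    if (len > slot_size)
        len = slot_size;
    memset(slot, 0, slot_size);
    memcpy(slot, src, len);
    return len;
}

/* Would zeroing a whole type_size-byte sockaddr inside the slot stay in bounds? */
int ex_zero_in_bounds(size_t slot_size, size_t type_size)
{
    return type_size <= slot_size;
}

int main(void)
{
    struct ex_sockaddr_dl sdl = { .sdl_len = sizeof sdl };
    struct ex_ifreq_small s; struct ex_ifreq_big b; int t;
    size_t n = ex_copy_sockaddr(&s.ifr_ifru, sizeof s.ifr_ifru, &sdl, &t);
    printf("small slot: copied %zu, truncated=%d\n", n, t);
    n = ex_copy_sockaddr(&b.ifr_ifru, sizeof b.ifr_ifru, &sdl, &t);
    printf("big slot:   copied %zu, truncated=%d\n", n, t);
    return 0;
}
```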