[kdump] Protect against over-long sockaddr length field.
Needs Review, Public

Authored by peterj on Aug 17 2023, 11:26 AM.
This revision needs review, but there are no reviewers specified.

Details

Reviewers
None
Summary

Checks ensure that the incoming sockaddr length field is not too
short but don't protect against it being too long - in which case,
the local family-specific sockaddr will be overflowed.

Implement stricter checks for AF_INET and AF_INET6 sockaddrs:

  • If the incoming length is too short, it will just report that the sockaddr is invalid.
  • If the incoming length is too short, it will decode the address and port and also print that it's too long. (The kernel also reports EINVAL in this case).

For AF_UNIX sockaddrs, directly print from the original sockaddr,
rather than copying it. Since sa_len has already been validated,
there's no need for additional validation.
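
The bounded-copy pattern for the AF_INET case, as an added example that is not the revision's diff or kdump's own code: the length byte is checked against both the local struct size and the record size, the copy is fixed-size, and an over-long length is still decoded but flagged. The struct, `decode_inet`, the `reclen` check and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BSD_AF_INET 2	/* AF_INET value on FreeBSD */

/* Constructed stand-in for the BSD sockaddr_in byte layout (16 bytes). */
struct bsd_sockaddr_in {
	uint8_t sin_len;	/* length claimed by the traced record */
	uint8_t sin_family;
	uint8_t sin_port[2];	/* network byte order */
	uint8_t sin_addr[4];
	uint8_t sin_zero[8];
};

enum sa_check { SA_INVALID, SA_OK, SA_TOO_LONG };

/*
 * Unchecked pattern the summary warns about (comment only, illustrative):
 *     memcpy(&sin, rec, rec[0]);   // rec[0] > sizeof(sin) overflows sin
 * Hardened decode: rec/reclen are the raw bytes of the traced sockaddr.
 */
enum sa_check
decode_inet(const uint8_t *rec, size_t reclen, char *out, size_t outlen)
{
	struct bsd_sockaddr_in sin;
	size_t claimed;

	if (reclen < 2 || rec[1] != BSD_AF_INET)
		return SA_INVALID;
	claimed = rec[0];
	/* Too short, or claims more bytes than the record holds (assumed check). */
	if (claimed < sizeof(sin) || claimed > reclen)
		return SA_INVALID;
	/* Copy the fixed size of the local struct, never `claimed` bytes. */
	memcpy(&sin, rec, sizeof(sin));
	snprintf(out, outlen, "%u.%u.%u.%u:%u%s",
	    sin.sin_addr[0], sin.sin_addr[1], sin.sin_addr[2], sin.sin_addr[3],
	    (unsigned)(sin.sin_port[0] << 8 | sin.sin_port[1]),
	    claimed > sizeof(sin) ? " (sockaddr too long)" : "");
	return claimed > sizeof(sin) ? SA_TOO_LONG : SA_OK;
}

int main(void)
{
	uint8_t rec[32] = {32, 2, 0, 80, 192, 0, 2, 7};	/* constructed sample */
	char buf[64];
	if (decode_inet(rec, sizeof(rec), buf, sizeof(buf)) != SA_INVALID)
		puts(buf);
	return 0;
}
```
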

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

peterj created this revision.