On Fri, 2016-02-12 at 13:25 +0000, Rainer Weikusat wrote:
> Philipp Hahn <pmh...@pmhahn.de> writes:
>
> > Hello Rainer,
> >
> > On 11.02.2016 at 20:37, Rainer Weikusat wrote:
> > > The unix_dgram_sendmsg routine uses the following test
> > >
> > > if (unlikely(unix_peer(other) != sk && unix_recvq_full(other))) {
> > [...]
> > > This isn't correct as the specified address could have been bound to
> > > the sending socket itself
> > [...]
> > After applying that patch at least my machine running the samba test no
> > longer crashes.
>
> There's a possible gotcha in there: Send-to-self used to be limited by
> the queue limit. But the rationale for that (IIRC) was that someone
> could keep using newly created sockets to queue ever more data to a
> single, unrelated receiver. I don't think this should apply when
> receiving and sending sockets are identical. But that's just my
> opinion. The other option would be to avoid the unix_state_double_lock
> for sk == other.

Given that unix_state_double_lock() already handles sk == other, I'm not
sure why you think it needs to be avoided.

> I'd be willing to change this accordingly if someone
> thinks the queue limit should apply to send-to-self.

If we don't check the queue limit here, does anything else prevent the
queue growing to the point it's a DoS?

Ben.

--
Ben Hutchings
I say we take off; nuke the site from orbit. It's the only way to be sure.
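The question at the end of the thread, whether anything other than the per-receiver datagram queue limit bounds a socket that sends to itself, is something an administrator can measure rather than argue about. The following is an added example, not code from the thread or from the kernel: a userspace probe that binds an AF_UNIX SOCK_DGRAM socket, switches it to non-blocking mode, sends datagrams to its own address until the kernel refuses with EAGAIN, and then drains its own receive queue. It reports the count reached next to SO_SNDBUF and the net.unix.max_dgram_qlen sysctl, so the reader can see which of the two limits the count tracks on their kernel. It assumes a Linux-like host with a writable /tmp; the struct and function names (`self_send_probe`, `probe_self_send`, `self_send_probe_ok`) are this example's own.

```c
/* Added example (not from the thread or the kernel): probe kernel back-pressure
 * on the send-to-self case of unix_dgram_sendmsg from userspace. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

struct self_send_probe {
    int queued;         /* datagrams accepted before the first EAGAIN (or cap) */
    int drained;        /* datagrams read back from our own receive queue */
    int sndbuf;         /* SO_SNDBUF as the kernel reports it */
    int max_dgram_qlen; /* net.unix.max_dgram_qlen, or -1 if not readable */
};

/* The per-receiver datagram queue limit the thread calls "the queue limit". */
static int read_max_dgram_qlen(void)
{
    FILE *f = fopen("/proc/sys/net/unix/max_dgram_qlen", "r");
    int v = -1;
    if (f) {
        if (fscanf(f, "%d", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

/* Returns 0 on success and fills *out; -1 on a setup or unexpected error. */
int probe_self_send(struct self_send_probe *out, size_t payload, int cap)
{
    char dir[] = "/tmp/unix-self-XXXXXX";  /* constructed scratch location */
    struct sockaddr_un addr;
    socklen_t optlen = sizeof out->sndbuf;
    char *buf = NULL;
    int fd = -1, rc = -1;

    memset(out, 0, sizeof *out);
    out->max_dgram_qlen = read_max_dgram_qlen();
    if (payload == 0 || cap <= 0 || !mkdtemp(dir))
        return -1;

    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof addr.sun_path, "%s/sock", dir);

    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0)
        goto out;
    if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK) < 0)
        goto out;
    getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &out->sndbuf, &optlen);

    buf = calloc(1, payload);
    if (!buf)
        goto out;

    /* The destination is our own bound address: inside unix_dgram_sendmsg
     * this is the other == sk case the thread is about. */
    while (out->queued < cap) {
        ssize_t n = sendto(fd, buf, payload, 0,
                           (struct sockaddr *)&addr, sizeof addr);
        if (n < 0) {
            if (errno == EAGAIN || errno == EWOULDBLOCK)
                break;  /* kernel back-pressure: this is what we measure */
            goto out;
        }
        out->queued++;
    }

    /* Everything we queued sits in our own receive queue; read it all back. */
    while (recv(fd, buf, payload, 0) >= 0)
        out->drained++;
    rc = (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -1;

out:
    free(buf);
    if (fd >= 0)
        close(fd);
    unlink(addr.sun_path);
    rmdir(dir);
    return rc;
}

/* Convenience wrapper: the number of 64-byte datagrams queued before
 * EAGAIN, or -1 if the probe failed or the drain did not match. */
int self_send_probe_ok(void)
{
    struct self_send_probe p;
    if (probe_self_send(&p, 64, 100000) != 0 || p.drained != p.queued)
        return -1;
    return p.queued;
}

int main(void)
{
    struct self_send_probe p;
    if (probe_self_send(&p, 64, 100000) != 0) {
        perror("probe_self_send");
        return 1;
    }
    printf("queued %d datagrams of 64 bytes before EAGAIN, drained %d\n",
           p.queued, p.drained);
    printf("SO_SNDBUF=%d net.unix.max_dgram_qlen=%d\n",
           p.sndbuf, p.max_dgram_qlen);
    return 0;
}
```

Run it with a few payload sizes: if the count scales inversely with the payload and stays in the neighbourhood of SO_SNDBUF divided by the per-datagram buffer cost, the bound on send-to-self is the sender's own socket buffer, not the datagram queue length the thread discusses; if it stops at max_dgram_qlen regardless of payload, the queue limit is being applied to the self case. The `cap` argument only guards against an unbounded loop on a kernel that applied neither.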