On Tue, Jun 13, 2017 at 11:31:50PM +0300, Dmitry V. Levin wrote:
> On Tue, Jun 13, 2017 at 10:13:22PM +0800, JingPiao Chen wrote:
[...]
> >  
> > @@ -210,9 +214,127 @@ decode_packet_diag_msg(struct tcb *const tcp,
> >     return true;
> >  }
> >  
> > +static void
> > +print_inet_diag_sockid(const struct inet_diag_sockid *id, const uint8_t 
> > family)
> > +{
> > +   tprintf("{idiag_sport=htons(%u), idiag_dport=htons(%u)",
> > +           ntohs(id->idiag_sport), ntohs(id->idiag_dport));
> > +   int text_size = family == AF_INET ?
> > +           INET_ADDRSTRLEN : INET6_ADDRSTRLEN;
> > +   char buf[text_size];
> > +
> > +   inet_ntop(family, id->idiag_src, buf, text_size);
> > +   tprintf(", inet_pton(%s, \"%s\", idiag_src)",
> > +           family == AF_INET ? "AF_INET" : "AF_INET6", buf);
> > +
> > +   inet_ntop(family, id->idiag_dst, buf, text_size);
> > +   tprintf(", inet_pton(%s, \"%s\", idiag_dst)",
> > +           family == AF_INET ? "AF_INET" : "AF_INET6", buf);
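Review bot: the return value of inet_ntop is ignored in both calls in print_inet_diag_sockid, so if it fails (for example because family is not one it supports) buf is left uninitialised and the following tprintf prints whatever is on the stack via %s. Check for a NULL return before printing and fall back to a raw dump of id->idiag_src / id->idiag_dst. The label expression `family == AF_INET ? "AF_INET" : "AF_INET6"` also prints "AF_INET6" for every family other than AF_INET, and a fixed `char buf[INET6_ADDRSTRLEN]` would avoid the variable-length array.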
> 
> As "family" is untrusted input, we cannot assume it's either AF_INET or
> AF_INET6.  In fact, inet_ntop currently supports AF_INET and AF_INET6
> only, so I wouldn't bother invoking inet_ntop with any other address
> family argument.

Now family is only AF_INET or AF_INET6. All the callers
(decode_inet_diag_req_compat, decode_inet_diag_req_v2,
decode_inet_diag_msg, decode_smc_diag_req, decode_smc_diag_msg)
will pass AF_INET or AF_INET6. I update it, but cannot check
the case where family is neither AF_INET nor AF_INET6.

--
JingPiao Chen
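
An added example (not part of the original thread and not strace code) of the point raised in the review above: treat the address family as untrusted, call inet_ntop only for AF_INET and AF_INET6, check its result, and otherwise dump the raw bytes. The helper name `format_diag_addr`, its output format and the 16-byte field size are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper, not strace code. addr points at a 16-byte
 * address field; family is untrusted input from the traced process.
 * Returns 1 if the address was decoded, 0 if the raw bytes were dumped. */
static int
format_diag_addr(uint8_t family, const void *addr, char *out, size_t outlen)
{
	char text[INET6_ADDRSTRLEN];	/* large enough for both families */
	const char *name = NULL;

	if (family == AF_INET)
		name = "AF_INET";
	else if (family == AF_INET6)
		name = "AF_INET6";

	/* Call inet_ntop only for families it supports, and check the result. */
	if (name && inet_ntop(family, addr, text, sizeof(text))) {
		snprintf(out, outlen, "inet_pton(%s, \"%s\")", name, text);
		return 1;
	}

	/* Unknown family or failure: emit escaped raw bytes, never an unset buffer. */
	const unsigned char *p = addr;
	size_t off = 0;
	if (outlen)
		out[0] = '\0';
	for (size_t i = 0; i < 16 && off + 5 <= outlen; i++)
		off += snprintf(out + off, outlen - off, "\\x%02x", p[i]);
	return 0;
}

int
main(void)
{
	/* Constructed sample: 127.0.0.1 in the first 4 of 16 bytes. */
	unsigned char addr[16] = { 127, 0, 0, 1 };
	char out[128];

	format_diag_addr(AF_INET, addr, out, sizeof(out));
	puts(out);
	format_diag_addr(AF_UNIX, addr, out, sizeof(out));
	puts(out);
	return 0;
}
```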

_______________________________________________
Strace-devel mailing list
Strace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/strace-devel