[systemd-devel] Suspicious assertions in resolved

Topi Miettinen toiwoton at gmail.com
Sun Jan 18 13:15:18 PST 2015


On 01/18/15 20:45, David Herrmann wrote:
> Hi
> 
> On Sun, Jan 18, 2015 at 8:12 PM, Topi Miettinen <toiwoton at gmail.com> wrote:
>> Hello,
>>
>> I think resolved_manager.c function manager_recv() has an assertion that
>> could be triggerable by the server sending an oversized packet:
>>
>>         assert(!(mh.msg_flags & MSG_TRUNC));
>>
>> The other assertions look suspicious too but I don't know if they can
>> really be triggered by the other side.
> 
> We use FIONREAD to read the size of the next pending datagram.
> Therefore, MSG_TRUNC cannot be set. Similarly, we provide suitable
> control-data space so MSG_CTRUNC cannot be set, either.

OK. What about the assertions later: is it possible to receive a reply
via IPv6 for an IPv4 request or the other way around?

> 
> Thanks
> David
> 
>> I'd propose something like this:
>>
>> diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
>> index 0594479..b1defa3 100644
>> --- a/src/resolve/resolved-manager.c
>> +++ b/src/resolve/resolved-manager.c
>> @@ -894,7 +894,8 @@ int manager_recv(Manager *m, int fd, DnsProtocol
>> protocol, DnsPacket **ret) {
>>                  return -EIO;
>>
>>          assert(!(mh.msg_flags & MSG_CTRUNC));
>> -        assert(!(mh.msg_flags & MSG_TRUNC));
>> +        if (mh.msg_flags & MSG_TRUNC)
>> +                return -EIO;
>>
>>          p->size = (size_t) l;
>>
>>
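Review bot: The assert(!(mh.msg_flags & MSG_CTRUNC)) kept as context directly above the changed lines tests the same msg_flags word, so if MSG_TRUNC is considered reachable from network input, MSG_CTRUNC should get the same "return -EIO" handling instead of remaining an abort; as posted the two checks are inconsistent. The new return also sits before "p->size = (size_t) l;", so please confirm that the packet p is released on this path in the same way as for the existing "return -EIO;" above it. A one-line comment saying why truncation is not expected here would help the next reader.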
>> -Topi
>> _______________________________________________
>> systemd-devel mailing list
>> systemd-devel at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
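The FIONREAD-then-recvmsg() sizing described in the reply above, with truncation handled as an error return rather than an assertion, as an added example that is not systemd's code or code from this thread. It assumes Linux; recv_sized(), demo() and the max_alloc cap are hypothetical names, and an AF_UNIX datagram socketpair stands in for the DNS socket.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Receive one datagram into a buffer sized from FIONREAD. max_alloc is a
 * hypothetical cap added for this example. Returns length or -errno. */
static ssize_t recv_sized(int fd, size_t max_alloc, unsigned char **ret) {
        int pending = 0;
        if (ioctl(fd, FIONREAD, &pending) < 0 || pending < 0)
                return -EIO;
        size_t want = (size_t) pending < max_alloc ? (size_t) pending : max_alloc;
        unsigned char *buf = malloc(want ? want : 1);
        if (!buf)
                return -ENOMEM;
        struct iovec iov = { .iov_base = buf, .iov_len = want };
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
        ssize_t l = recvmsg(fd, &mh, 0);
        if (l < 0 || (mh.msg_flags & MSG_TRUNC)) {
                /* truncation depends on the sender: error path, not assert() */
                ssize_t r = l < 0 ? -errno : -EIO;
                free(buf);
                return r;
        }
        *ret = buf;
        return l;
}

/* Constructed check: send `payload` zero bytes over an AF_UNIX datagram pair. */
static ssize_t demo(size_t payload, size_t max_alloc) {
        int sv[2];
        unsigned char msg[512] = {0}, *got = NULL;
        if (payload > sizeof msg || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
                return -EINVAL;
        ssize_t r = send(sv[0], msg, payload, 0) < 0 ? -errno : recv_sized(sv[1], max_alloc, &got);
        free(got);
        close(sv[0]);
        close(sv[1]);
        return r;
}

int main(void) {
        printf("fits: %zd, capped: %zd\n", demo(100, 512), demo(100, 64));
        return 0;
}
```

When the buffer follows the FIONREAD value the datagram fits and MSG_TRUNC stays clear; once the cap forces a smaller buffer the flag is set and the caller gets -EIO instead of an abort.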


