hal/hald/linux net_class_device.c,1.18,1.19
David Zeuthen
david at freedesktop.org
Thu Oct 14 11:41:29 PDT 2004
Update of /cvs/hal/hal/hald/linux
In directory gabe:/tmp/cvs-serv20216/hald/linux
Modified Files:
net_class_device.c
Log Message:
2004-10-14 David Zeuthen <davidz at redhat.com>
Patch from Steve Grubb (linux_4ever at yahoo.com).
* hald/linux/net_class_device.c (link_detection_data_ready): The
hal daemon does not check the sender's PID for netlink packets.
Netlink packets can be sent by any user with local access to the
system. Kernel originating packets have a PID of 0, while user
space originating packets are > 0. Without checking this, users
may send messages to hald that cause daemons using dbus to take
inappropriate actions.
Index: net_class_device.c
===================================================================
RCS file: /cvs/hal/hal/hald/linux/net_class_device.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- net_class_device.c 16 Sep 2004 22:04:15 -0000 1.18
+++ net_class_device.c 14 Oct 2004 18:41:27 -0000 1.19
@@ -387,6 +387,8 @@
int fd;
int bytes_read;
guint total_read = 0;
+ struct sockaddr_nl nladdr;
+ socklen_t nladdrlen = sizeof(nladdr);
char buf[1024];
if (cond & ~(G_IO_IN | G_IO_PRI)) {
@@ -398,11 +400,19 @@
do {
errno = 0;
- bytes_read = recv (fd,
+ bytes_read = recvfrom (fd,
buf + total_read,
sizeof (buf) - total_read,
- MSG_DONTWAIT);
-
+ MSG_DONTWAIT,
+ (struct sockaddr*)&nladdr, &nladdrlen);
+ if (nladdrlen != sizeof(nladdr)) {
+ HAL_ERROR(("Bad address size reading netlink socket"));
+ return FALSE;
+ }
+ if (nladdr.nl_pid) {
+ HAL_ERROR(("Spoofed packet received on netlink socket"));
+ return FALSE;
+ }
if (bytes_read > 0)
total_read += bytes_read;
} while (bytes_read > 0 || errno == EINTR);
More information about the hal-commit
mailing list