hal/hald/linux net_class_device.c,1.18,1.19

David Zeuthen david at freedesktop.org
Thu Oct 14 11:41:29 PDT 2004


Update of /cvs/hal/hal/hald/linux
In directory gabe:/tmp/cvs-serv20216/hald/linux

Modified Files:
	net_class_device.c 
Log Message:
2004-10-14  David Zeuthen  <davidz at redhat.com>

	Patch from Steve Grubb (linux_4ever at yahoo.com).

	* hald/linux/net_class_device.c (link_detection_data_ready): The
	hal daemon does not check the sender's PID for netlink packets.
	Netlink packets can be sent by any user with local access to the
	system. Kernel-originated packets have a PID of 0, while packets
	originating in user space have a PID > 0. Without checking this, users
	may send messages to hald that cause daemons using dbus to take
	inappropriate actions.



Index: net_class_device.c
===================================================================
RCS file: /cvs/hal/hal/hald/linux/net_class_device.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- net_class_device.c	16 Sep 2004 22:04:15 -0000	1.18
+++ net_class_device.c	14 Oct 2004 18:41:27 -0000	1.19
@@ -387,6 +387,8 @@
 	int fd;
 	int bytes_read;
 	guint total_read = 0;
+	struct sockaddr_nl nladdr;
+	socklen_t nladdrlen = sizeof(nladdr);
 	char buf[1024];
 
 	if (cond & ~(G_IO_IN | G_IO_PRI)) {
@@ -398,11 +400,19 @@
 
 	do {
 		errno = 0;
-		bytes_read = recv (fd,
+		bytes_read = recvfrom (fd,
 				   buf + total_read,
 				   sizeof (buf) - total_read,
-				   MSG_DONTWAIT);
-
+				   MSG_DONTWAIT,
+				   (struct sockaddr*)&nladdr, &nladdrlen);
+		if (nladdrlen != sizeof(nladdr)) {
+			HAL_ERROR(("Bad address size reading netlink socket"));
+			return FALSE;
+		}
+		if (nladdr.nl_pid) {
+			HAL_ERROR(("Spoofed packet received on netlink socket"));
+			return FALSE;
+		}
 		if (bytes_read > 0)
 			total_read += bytes_read;
 	} while (bytes_read > 0 || errno == EINTR);
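Review bot: The two new checks after `recvfrom` run before `bytes_read` is examined, so when the call fails (-1 with EAGAIN under `MSG_DONTWAIT`, or EINTR) they test an `nladdr` that this call did not fill in. `nladdr` is declared without an initialiser in the first hunk, so if the very first call fails, `nl_pid` is indeterminate and the handler can log "Spoofed packet" and return FALSE spuriously. `nladdrlen` is also a value-result argument that is never reset between iterations; I would add `nladdrlen = sizeof (nladdr);` before each call and `if (bytes_read <= 0) continue;` ahead of the two checks. Returning FALSE for a non-kernel sender also discards kernel data already accumulated in `buf`, and if this is a GLib IO watch callback (the `cond`/`G_IO_IN` test suggests so, but the signature is outside the hunk) it would remove the watch, so dropping only the offending datagram and continuing looks more robust. The function body starts and ends outside both hunks.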



