[systemd-devel] Suspicious assertions in resolved

David Herrmann dh.herrmann at gmail.com
Sun Jan 18 12:45:57 PST 2015


Hi

On Sun, Jan 18, 2015 at 8:12 PM, Topi Miettinen <toiwoton at gmail.com> wrote:
> Hello,
>
> I think resolved_manager.c function manager_recv() has an assertion that
> could be triggerable by the server sending an oversized packet:
>
>         assert(!(mh.msg_flags & MSG_TRUNC));
>
> The other assertions look suspicious too but I don't know if they can
> really be triggered by the other side.

We use FIONREAD to read the size of the next pending datagram.
Therefore, MSG_TRUNC cannot be set. Similarly, we provide suitable
control-data space so MSG_CTRUNC cannot be set, either.

Thanks
David

> I'd propose something like this:
>
> diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
> index 0594479..b1defa3 100644
> --- a/src/resolve/resolved-manager.c
> +++ b/src/resolve/resolved-manager.c
> @@ -894,7 +894,8 @@ int manager_recv(Manager *m, int fd, DnsProtocol
> protocol, DnsPacket **ret) {
>                  return -EIO;
>
>          assert(!(mh.msg_flags & MSG_CTRUNC));
> -        assert(!(mh.msg_flags & MSG_TRUNC));
> +        if (mh.msg_flags & MSG_TRUNC)
> +                return -EIO;
>
>          p->size = (size_t) l;
>
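Review bot: the runtime check replaces only the MSG_TRUNC assertion, while `assert(!(mh.msg_flags & MSG_CTRUNC));` on the line directly above stays an assertion. Both flags are set by the kernel according to what arrived, so handle them the same way, for example `if (mh.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) return -EIO;`. A short comment stating when truncation is expected to be possible would help later readers. The hunk header is also wrapped across two lines here, so the patch will not apply as mailed.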
>
> -Topi
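
The FIONREAD sizing described in the reply, combined with a runtime flag check like the one in the proposed patch, as an added example that is not code from systemd or from either poster. `recv_datagram` and `demo` are hypothetical names; an AF_UNIX datagram socketpair stands in for the DNS UDP socket, and Linux FIONREAD semantics (size of the next pending datagram) are assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not systemd code. cap == 0 sizes the buffer with
 * FIONREAD as the reply describes; cap > 0 forces a fixed size so that
 * truncation can be provoked. Returns payload length or -errno. */
static ssize_t recv_datagram(int fd, size_t cap, unsigned char **ret) {
        int pending = 0;
        if (cap == 0) {
                if (ioctl(fd, FIONREAD, &pending) < 0)
                        return -errno;
                cap = pending > 0 ? (size_t) pending : 1;
        }
        unsigned char *buf = malloc(cap);
        if (!buf)
                return -ENOMEM;
        struct iovec iov = { .iov_base = buf, .iov_len = cap };
        struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
        ssize_t l = recvmsg(fd, &mh, 0);
        /* Runtime check, not assert(): it also holds in NDEBUG builds. */
        if (l < 0 || (mh.msg_flags & (MSG_TRUNC | MSG_CTRUNC))) {
                int e = l < 0 ? errno : EIO;
                free(buf);
                return -e;
        }
        *ret = buf;
        return l;
}

/* Constructed demo: an AF_UNIX datagram socketpair stands in for the UDP
 * socket; sends len zero bytes and receives them with the given cap. */
static ssize_t demo(size_t len, size_t cap) {
        unsigned char payload[512] = { 0 }, *p = NULL;
        int sv[2];
        if (len > sizeof(payload) || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
                return -EINVAL;
        ssize_t r = send(sv[0], payload, len, 0) < 0 ? -errno : recv_datagram(sv[1], cap, &p);
        free(p);
        close(sv[0]);
        close(sv[1]);
        return r;
}

int main(void) {
        printf("FIONREAD-sized: %zd, 64-byte buffer: %zd\n", demo(300, 0), demo(300, 64));
}
```

With the FIONREAD-sized buffer the full 300 bytes come back; with the undersized buffer the kernel sets MSG_TRUNC and the helper returns -EIO instead of aborting the process.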

