Date: Thu, 03 Jul 2014 19:03:35 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-standards@FreeBSD.org Subject: [Bug 191586] New: FreeBSD doesn't validate negative edgecases in bind(2)/connect(2)/listen(2) like POSIX requires Message-ID: <bug-191586-15@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191586 Bug ID: 191586 Summary: FreeBSD doesn't validate negative edgecases in bind(2)/connect(2)/listen(2) like POSIX requires Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: --- Component: standards Assignee: freebsd-standards@FreeBSD.org Reporter: yaneurabeya@gmail.com POSIX specifies certain requirements for validating sa_family with bind(2) and connect(2): >From bind(2): [EAFNOSUPPORT] The specified address is not a valid address for the address family of the specified socket. ... [EINVAL] The address_len argument is not a valid length for the address family. >From connect [2]: [EINVAL] The address_len argument is not a valid length for the address family; or invalid address family in the sockaddr structure. >From listen [3]: [EDESTADDRREQ] The socket is not bound to a local address, and the protocol does not support listening on an unbound socket. FreeBSD 10/stable does not appear to be conforming to POSIX: - bind(2) doesn't appear to be validating the sa_family member at all (it doesn't set errno to either EAFNOSUPPORT or EINVAL). - connect(2)'s not handling EINVAL properly, but the issue is being caught with EAFNOSUPPORT . - listen(2)'s not handling EDESTADDRREQ. I haven't tested out a kernel built INET, INET6, or SCTP support compiled out to ensure that these cases would be caught properly. 1. http://pubs.opengroup.org/onlinepubs/009695399/functions/bind.html 2. http://pubs.opengroup.org/onlinepubs/009695399/functions/connect.html 3. http://pubs.opengroup.org/onlinepubs/009695399/functions/listen.html % uname -a FreeBSD freebsd-10-x64.localdomain 10.0-STABLE FreeBSD 10.0-STABLE #2 r267849+810c962(stable/10): Wed Jun 25 14:23:41 PDT 2014 root@freebsd-10-x64.localdomain:/usr/obj/usr/src/sys/GENERIC-WITHOUT-WITNESS amd64 % sysctl -Na | grep -q sctp && echo "has SCTP" has SCTP % sysctl kern.features. | grep 'inet' kern.features.inet: 1 kern.features.inet6: 1 % cat /root/test_bogus_sa_family.c #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <err.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> int main(void) { struct sockaddr_in sai; int sock; sock = socket(AF_INET, SOCK_STREAM, 0); memset(&sai, 0, sizeof(sai)); memset(&sai, 0, sizeof(sai)); sai.sin_family = AF_MAX + 10; sai.sin_addr.s_addr = INADDR_ANY; sai.sin_port = 42000; if (bind(sock, (struct sockaddr*)&sai, sizeof(sai)) == 0) { warnx("bind did not fail with invalid sin_family as expected"); if (listen(sock, 1) == 0) { warnx("and is now listening for connections on an invalid address family!? (netstat output follows)"); system("netstat -a | grep LISTEN"); } else warn("but did fail when listen was called"); } else if (errno != EAFNOSUPPORT) warn("bind did not fail with EAFNOSUPPORT"); else printf("bind test passed"); close(sock); sock = socket(AF_INET, SOCK_STREAM, 0); if (connect(sock, (struct sockaddr*)&sai, sizeof(sai)) == 0) warnx("connect did not fail with invalid sin_family as expected"); else if (errno != EINVAL) warn("connect did not fail with EINVAL"); else printf("connect test passed"); close(sock); return (0); } % /root/test_bogus_sa_family test_bogus_sa_family: bind did not fail with invalid sin_family as expected test_bogus_sa_family: and is now listening for connections on an invalid address family!? (netstat output follows) tcp4 0 0 *.4260 *.* LISTEN tcp4 0 0 localhost.smtp *.* LISTEN tcp4 0 0 *.ssh *.* LISTEN tcp6 0 0 *.ssh *.* LISTEN tcp6 0 0 *.nfsd *.* LISTEN tcp4 0 0 *.nfsd *.* LISTEN tcp4 0 0 *.mecomm *.* LISTEN tcp6 0 0 *.mecomm *.* LISTEN tcp4 0 0 *.sunrpc *.* LISTEN tcp6 0 0 *.sunrpc *.* LISTEN test_bogus_sa_family: connect did not fail with EINVAL: Address family not supported by protocol family -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-191586-15>