From owner-freebsd-standards@FreeBSD.ORG Thu Jul 3 19:03:35 2014 Return-Path: Delivered-To: freebsd-standards@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5D7EB855 for ; Thu, 3 Jul 2014 19:03:35 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3F4E829C1 for ; Thu, 3 Jul 2014 19:03:35 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.8/8.14.8) with ESMTP id s63J3ZBE065604 for ; Thu, 3 Jul 2014 20:03:35 +0100 (BST) (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-standards@FreeBSD.org Subject: [Bug 191586] New: FreeBSD doesn't validate negative edgecases in bind(2)/connect(2)/listen(2) like POSIX requires Date: Thu, 03 Jul 2014 19:03:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: standards X-Bugzilla-Version: 11.0-CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: yaneurabeya@gmail.com X-Bugzilla-Status: Needs Triage X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-standards@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-standards@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Standards compliance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 19:03:35 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191586 Bug ID: 191586 Summary: FreeBSD doesn't validate negative edgecases in bind(2)/connect(2)/listen(2) like POSIX requires Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: Needs Triage Severity: Affects Only Me Priority: --- Component: standards Assignee: freebsd-standards@FreeBSD.org Reporter: yaneurabeya@gmail.com POSIX specifies certain requirements for validating sa_family with bind(2) and connect(2): >From bind(2): [EAFNOSUPPORT] The specified address is not a valid address for the address family of the specified socket. ... [EINVAL] The address_len argument is not a valid length for the address family. >From connect [2]: [EINVAL] The address_len argument is not a valid length for the address family; or invalid address family in the sockaddr structure. >From listen [3]: [EDESTADDRREQ] The socket is not bound to a local address, and the protocol does not support listening on an unbound socket. FreeBSD 10/stable does not appear to be conforming to POSIX: - bind(2) doesn't appear to be validating the sa_family member at all (it doesn't set errno to either EAFNOSUPPORT or EINVAL). - connect(2)'s not handling EINVAL properly, but the issue is being caught with EAFNOSUPPORT . - listen(2)'s not handling EDESTADDRREQ. I haven't tested out a kernel built INET, INET6, or SCTP support compiled out to ensure that these cases would be caught properly. 1. http://pubs.opengroup.org/onlinepubs/009695399/functions/bind.html 2. http://pubs.opengroup.org/onlinepubs/009695399/functions/connect.html 3. http://pubs.opengroup.org/onlinepubs/009695399/functions/listen.html % uname -a FreeBSD freebsd-10-x64.localdomain 10.0-STABLE FreeBSD 10.0-STABLE #2 r267849+810c962(stable/10): Wed Jun 25 14:23:41 PDT 2014 root@freebsd-10-x64.localdomain:/usr/obj/usr/src/sys/GENERIC-WITHOUT-WITNESS amd64 % sysctl -Na | grep -q sctp && echo "has SCTP" has SCTP % sysctl kern.features. | grep 'inet' kern.features.inet: 1 kern.features.inet6: 1 % cat /root/test_bogus_sa_family.c #include #include #include #include #include #include #include #include #include int main(void) { struct sockaddr_in sai; int sock; sock = socket(AF_INET, SOCK_STREAM, 0); memset(&sai, 0, sizeof(sai)); memset(&sai, 0, sizeof(sai)); sai.sin_family = AF_MAX + 10; sai.sin_addr.s_addr = INADDR_ANY; sai.sin_port = 42000; if (bind(sock, (struct sockaddr*)&sai, sizeof(sai)) == 0) { warnx("bind did not fail with invalid sin_family as expected"); if (listen(sock, 1) == 0) { warnx("and is now listening for connections on an invalid address family!? (netstat output follows)"); system("netstat -a | grep LISTEN"); } else warn("but did fail when listen was called"); } else if (errno != EAFNOSUPPORT) warn("bind did not fail with EAFNOSUPPORT"); else printf("bind test passed"); close(sock); sock = socket(AF_INET, SOCK_STREAM, 0); if (connect(sock, (struct sockaddr*)&sai, sizeof(sai)) == 0) warnx("connect did not fail with invalid sin_family as expected"); else if (errno != EINVAL) warn("connect did not fail with EINVAL"); else printf("connect test passed"); close(sock); return (0); } % /root/test_bogus_sa_family test_bogus_sa_family: bind did not fail with invalid sin_family as expected test_bogus_sa_family: and is now listening for connections on an invalid address family!? (netstat output follows) tcp4 0 0 *.4260 *.* LISTEN tcp4 0 0 localhost.smtp *.* LISTEN tcp4 0 0 *.ssh *.* LISTEN tcp6 0 0 *.ssh *.* LISTEN tcp6 0 0 *.nfsd *.* LISTEN tcp4 0 0 *.nfsd *.* LISTEN tcp4 0 0 *.mecomm *.* LISTEN tcp6 0 0 *.mecomm *.* LISTEN tcp4 0 0 *.sunrpc *.* LISTEN tcp6 0 0 *.sunrpc *.* LISTEN test_bogus_sa_family: connect did not fail with EINVAL: Address family not supported by protocol family -- You are receiving this mail because: You are the assignee for the bug.