Till Straumann strauman at slac.stanford.edu
Thu Feb 12 19:42:23 UTC 2009

IMHO rtems_bsdnet_fdToSocket() doesn't
verify thoroughly enough that the file
descriptor passed in is really a socket.

If you, e.g., try getsockname() on a fd
that was opened on a termios device then
a crash may result.

I propose to let rtems_bsdnet_fdToSocket()
test not only that iop->data1 is NULL but
to add an additional test.

1) add a new flag LIBIO_FLAGS_ISSOCK
   which is set by rtems_bsdnet_makeFdForSocket()
   and tested by rtems_bsdnet_fdToSocket()
1a) instead of one flag we could use a few
   more bits and create a LIBIO_FLAGS_IOP_TYPE
   bitmask (in case the need for other special
   cases besides sockets arises in the future).
   The test would then look like

       errno = ENOTSOCK;
       return NULL;

   Sidenote: IMO, if data1 == NULL then errno should
             also be ENOTSOCK instead of EBADF.

2) alternatively, rtems_bsdnet_fdToSocket() could
   test if iop->handlers == socket_handlers.

   socket_handlers would then have to become a globally
   visible symbol (right now a static variable).

   Unfortunately, this would introduce some asymmetry
   (fdToSocket() refers to global symbol, makeFdForSocket
   gets pointer to handlers passed in).

If nobody objects or has a better idea then I would
implement 1a), create a PR and commit to 4.9 and HEAD.
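
A simplified model of option 1, added here as an illustration; it is not part of the original post and is not RTEMS source. The `model_*` names, the table size and the bit value given to `LIBIO_FLAGS_ISSOCK` are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified stand-ins for the libio structures (assumptions, not RTEMS code). */
#define MODEL_MAX_FDS      4
#define LIBIO_FLAGS_ISSOCK 0x1000u  /* bit value chosen for this model only */

struct model_socket { int so_type; };
struct model_iop { unsigned int flags; void *data1; };
static struct model_iop model_iops[MODEL_MAX_FDS];

static int bad_fd(int fd) { return fd < 0 || fd >= MODEL_MAX_FDS; }

/* Models rtems_bsdnet_makeFdForSocket(): stores the socket and tags the slot. */
int model_make_fd_for_socket(int fd, struct model_socket *so)
{
    if (bad_fd(fd)) { errno = EBADF; return -1; }
    model_iops[fd].data1 = so;
    model_iops[fd].flags |= LIBIO_FLAGS_ISSOCK;
    return fd;
}

/* Models a termios open: data1 holds driver state, which is not a socket. */
int model_open_termios(int fd, void *tty_state)
{
    if (bad_fd(fd)) { errno = EBADF; return -1; }
    model_iops[fd].data1 = tty_state;
    model_iops[fd].flags &= ~LIBIO_FLAGS_ISSOCK;
    return fd;
}

/* Check that looks at data1 only: a termios fd passes and is mistyped. */
struct model_socket *model_fd_to_socket_data1_only(int fd)
{
    if (bad_fd(fd) || model_iops[fd].data1 == NULL) { errno = EBADF; return NULL; }
    return model_iops[fd].data1;
}

/* Option 1: also require the socket flag; ENOTSOCK as in the sidenote. */
struct model_socket *model_fd_to_socket_checked(int fd)
{
    if (bad_fd(fd)) { errno = EBADF; return NULL; }
    if (!(model_iops[fd].flags & LIBIO_FLAGS_ISSOCK) || model_iops[fd].data1 == NULL) {
        errno = ENOTSOCK;
        return NULL;
    }
    return model_iops[fd].data1;
}
```
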

