Bug#833558: libc0.3: [hurd] recvmsg: PF_LOCAL sockets and msg_name lead to SIGLOST
Package: libc0.3
Version: 2.23-4
Severity: normal
Tags: patch upstream
Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=20444
Dear Maintainer,
When using recvmsg on a PF_LOCAL socket, if msg_name and msg_namelen
are set, the process receives SIGLOST. This is due to glibc's recvmsg
implementation assuming that the peer address returned by __socket_recv
is always valid, when in fact that function returns MACH_PORT_NULL when
used in combination with PF_LOCAL sockets. Passing that to
__socket_whatis_address will generate SIGLOST.
recvfrom is not affected; it already checks for MACH_PORT_NULL.
I've attached a patch that fixes that issue for me, adding a check in
the same way recvfrom does it currently.
I've also reported this issue upstream:
https://sourceware.org/bugzilla/show_bug.cgi?id=20444
I've also forwarded this patch to the bug-hurd and debian-hurd mailing
lists:
https://lists.debian.org/debian-hurd/2016/08/msg00010.html
https://lists.gnu.org/archive/html/bug-hurd/2016-08/msg00012.html
Regards,
Christian
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: hurd-i386 (i686-AT386)
Kernel: GNU-Mach 1.7+git20160607-486/Hurd-0.8
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages libc0.3 depends on:
ii hurd-libs0.3 1:0.8.git20160522-4+b1
ii libgcc1 1:6.1.1-9
libc0.3 recommends no packages.
Versions of packages libc0.3 suggests:
ii debconf [debconf-2.0] 1.5.59
pn glibc-doc <none>
pn libc-l10n <none>
-- debconf information excluded
Description: [hurd] recvmsg: don't try to resolve invalid address
Hurd's PF_LOCAL implementation doesn't return an address when calling
__recv. recvmsg wasn't catching that and tried to call
__socket_whatis_address on MACH_PORT_NULL, causing Hurd to send
SIGLOST to the process. Properly handle this, analogously to how
recvfrom does it.
Author: Christian Seiler <christian@iwakd.de>
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=20444
Last-Update: 2016-08-05
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/sysdeps/mach/hurd/recvmsg.c
+++ b/sysdeps/mach/hurd/recvmsg.c
@@ -202,7 +202,7 @@ __libc_recvmsg (int fd, struct msghdr *m
&message->msg_flags, amount)))
return __hurd_sockfail (fd, flags, err);
- if (message->msg_name != NULL)
+ if (message->msg_name != NULL && aport != MACH_PORT_NULL)
{
char *buf = message->msg_name;
mach_msg_type_number_t buflen = message->msg_namelen;
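Review bot: the new test on aport in the if condition only excludes MACH_PORT_NULL; if __socket_recv can also hand back MACH_PORT_DEAD, the block is still entered with a name that is not a usable port. Consider MACH_PORT_VALID (aport) instead of the bare comparison, and add a one-line comment above the condition saying that some socket types return no address port, since nothing in the surrounding lines explains why aport may be unset.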
@@ -236,6 +236,8 @@ __libc_recvmsg (int fd, struct msghdr *m
if (buflen > 0)
((struct sockaddr *) message->msg_name)->sa_family = type;
}
+ else if (message->msg_name != NULL)
+ message->msg_namelen = 0;
__mach_port_deallocate (__mach_task_self (), aport);
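Review bot: the __mach_port_deallocate call that closes this hunk still runs unconditionally, so on the path the new else branch handles it is called with aport equal to MACH_PORT_NULL and its result is discarded. Guard it with the same aport test, or restructure into a single if/else on aport, so the no-address case makes no port call at all. A short comment on the else branch noting that msg_namelen = 0 tells the caller no peer address was returned would also help.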
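The condition described in the report, written as a regression check. This is an added example, not code from the report, the patch, or glibc; the socket type (SOCK_DGRAM), the helper name recv_with_name and the 4-byte payload are assumptions made for the illustration.

```c
/* Added regression check, not part of the original report or patch.
   Constructed input: one 4-byte datagram over an unnamed AF_LOCAL socketpair. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Receive one datagram with msg_name set.  Returns the msg_namelen that
   recvmsg reports, or -1 on failure; *got receives recvmsg's return value. */
static long recv_with_name(ssize_t *got)
{
    int sv[2];
    struct sockaddr_storage peer;
    char data[16];
    struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
    struct msghdr msg;
    long result = -1;

    *got = -1;
    if (socketpair(AF_LOCAL, SOCK_DGRAM, 0, sv) != 0)
        return -1;

    memset(&msg, 0, sizeof msg);
    memset(&peer, 0xff, sizeof peer);   /* poison, so stale bytes stand out */
    msg.msg_name = &peer;               /* the combination from the report */
    msg.msg_namelen = sizeof peer;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    if (send(sv[0], "ping", 4, 0) == 4) {
        *got = recvmsg(sv[1], &msg, 0);
        if (*got >= 0)
            result = (long) msg.msg_namelen;
    }
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void)
{
    ssize_t got;
    long namelen = recv_with_name(&got);
    printf("recvmsg returned %zd, msg_namelen=%ld\n", got, namelen);
    /* An unnamed socket has no peer address, so a length of 0 is expected. */
    return (got == 4 && namelen == 0) ? 0 : 1;
}
```

On a libc with the behaviour the report describes, the process is terminated by SIGLOST inside recvmsg instead of reaching the printf.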