From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH 14/24] tcp, udp, util: Enforce 24-bit limit on socket numbers Date: Fri, 25 Mar 2022 23:52:50 +0100 Message-ID: <20220325225300.2803584-15-sbrivio@redhat.com> In-Reply-To: <20220325225300.2803584-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2035004378929182818==" --===============2035004378929182818== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This should never happen, but there are no formal guarantees: ensure socket numbers are below SOCKET_MAX. Signed-off-by: Stefano Brivio --- passt.h | 4 +++- tcp.c | 17 +++++++++++++++++ tcp_splice.c | 8 ++++++++ udp.c | 7 +++++++ util.c | 7 +++++++ 5 files changed, 42 insertions(+), 1 deletion(-) diff --git a/passt.h b/passt.h index 8344fca..3a62b15 100644 --- a/passt.h +++ b/passt.h @@ -45,7 +45,9 @@ union epoll_ref; union epoll_ref { struct { int32_t proto:8, - s:24; +#define SOCKET_REF_BITS 24 +#define SOCKET_MAX (1 << SOCKET_REF_BITS) + s:SOCKET_REF_BITS; union { union tcp_epoll_ref tcp; union udp_epoll_ref udp; diff --git a/tcp.c b/tcp.c index 539d415..f03c929 100644 --- a/tcp.c +++ b/tcp.c @@ -1971,6 +1971,11 @@ static int tcp_conn_new_sock(struct ctx *c, sa_family_= t af) if (s < 0) s =3D socket(af, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP); =20 + if (s > SOCKET_MAX) { + close(s); + return -EIO; + } + if (s < 0) return -errno; =20 @@ -2980,6 +2985,12 @@ static int tcp_sock_refill(void *arg) break; } *p4 =3D socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP); + if (*p4 > SOCKET_MAX) { + close(*p4); + *p4 =3D -1; + return -EIO; + } + tcp_sock_set_bufsize(a->c, *p4); } =20 @@ -2989,6 +3000,12 @@ static int tcp_sock_refill(void *arg) } *p6 =3D socket(AF_INET6, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP); + if (*p6 > SOCKET_MAX) { + close(*p6); + *p6 =3D -1; + return -EIO; + } + tcp_sock_set_bufsize(a->c, *p6); } =20 
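Review bot: The bound defined in passt.h is larger than what the field can hold, so the checks added by this patch still let an unrepresentable descriptor through. `SOCKET_MAX` is `1 << SOCKET_REF_BITS` and every new test is `> SOCKET_MAX`, so a descriptor equal to 1 << 24 passes although it needs 25 bits. Because `s` is declared with `int32_t`, it is presumably a signed bit-field whose largest value is (1 << 23) - 1, in which case anything from 1 << 23 upwards would change value when stored in `ref.r.s` and the reference could then name a different descriptor than the one registered. Consider `#define SOCKET_MAX ((1 << (SOCKET_REF_BITS - 1)) - 1)`, or an unsigned field with `(1 << SOCKET_REF_BITS) - 1`, so that `> SOCKET_MAX` is exact. The same applies to the checks in tcp.c, tcp_splice.c, udp.c and util.c.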
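Review bot: In tcp_sock_refill() the added checks reject only descriptors that are too large; when `socket()` fails, `*p4` (and `*p6` in the following hunk) is negative and is still passed to `tcp_sock_set_bufsize()`. Testing for failure ahead of the range check, for example `if (*p4 < 0) return -errno;`, would handle both error cases in one place, if aborting the refill on failure is acceptable here. The range failure also returns `-EIO` without a log line, which makes a condition the commit message describes as "should never happen" hard to notice if descriptors are leaking. The function body starts and ends outside these hunks.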
diff --git a/tcp_splice.c b/tcp_splice.c index cb8df7b..d374785 100644 --- a/tcp_splice.c +++ b/tcp_splice.c @@ -418,6 +418,14 @@ static int tcp_splice_connect(struct ctx *c, struct tcp_= splice_conn *conn, const struct sockaddr *sa; socklen_t sl; =20 + if (sock_conn < 0) + return -errno; + + if (sock_conn > SOCKET_MAX) { + close(sock_conn); + return -EIO; + } + conn->b =3D sock_conn; =20 if (s < 0) diff --git a/udp.c b/udp.c index ad8a775..e22f3ac 100644 --- a/udp.c +++ b/udp.c @@ -443,8 +443,15 @@ int udp_splice_connect(struct ctx *c, int v6, int bound_= sock, =20 s =3D socket(v6 ? AF_INET6 : AF_INET, SOCK_DGRAM | SOCK_NONBLOCK, IPPROTO_UDP); + + if (s > SOCKET_MAX) { + close(s); + return -EIO; + } + if (s < 0) return s; + ref.r.s =3D s; =20 if (v6) { diff --git a/util.c b/util.c index 2d8952a..ff7d97b 100644 --- a/util.c +++ b/util.c @@ -235,10 +235,17 @@ int sock_l4(struct ctx *c, int af, uint8_t proto, uint1= 6_t port, fd =3D socket(af, SOCK_STREAM | SOCK_NONBLOCK, proto); else fd =3D socket(af, SOCK_DGRAM | SOCK_NONBLOCK, proto); + if (fd < 0) { perror("L4 socket"); return -1; } + + if (fd > SOCKET_MAX) { + close(fd); + return -EIO; + } + ref.r.s =3D fd; =20 if (af =3D=3D AF_INET) { --=20 2.35.1 --===============2035004378929182818==--
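Review bot: The new `if (sock_conn < 0) return -errno;` in tcp_splice_connect() reads errno for a failure that did not happen in this function. `sock_conn` is not assigned anywhere in the hunk and looks like a parameter whose declaration falls outside it. By the time this line runs errno may have been overwritten, or may be 0, in which case the function returns 0 and the caller sees success with no socket stored in `conn->b`. Returning a fixed code such as `return -EIO;`, or having the caller pass a negative error value and using `return sock_conn;`, avoids depending on a stale errno.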
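Review bot: udp_splice_connect() now has two error conventions: the added branch returns `-EIO`, while the socket() failure right below it still does `return s;`, which is -1. sock_l4() in util.c ends up the same way, with `return -1` after perror() and `return -EIO` for the range check. Callers are outside the hunks; any that compare the result with -1 rather than testing `< 0` would treat -EIO as a valid descriptor. Either return -1 in the new branches or switch the existing ones to errno-based codes, e.g. `if (s < 0) return -errno;`, so that each function has one convention.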