Some socket syscalls fail to return an error on bad file-descriptor# argument

Description:

The sockfd_lookup_light() function does not set the return error statuson a particular failure mode when the passed-in fd# is erroneous.


Environment:

2.6.16 kernel with the -mm2 patch-set applied. Linux 2.6.17 kernels arealso affected. Without the fix, a number of tests in LTP fail! Anyprogram calling one of the syscalls listed below with a bad fd# will notget an error return indicating that the syscall failed.


Fix:

The attached patch correctly sets *err = -EBADF if the attempt to mapthe fd# to a file pointer returns NULL. The following syscalls areaffected-


bind()
listen()
accept()
connect()
getsockname()
getpeername()
setsockopt()
setsockopt()
shutdown()
sendmsg()
recvmsg()

diff -urpN ./net/socket.c.orig ./net/socket.c
--- ./net/socket.c.orig	2006-06-01 10:28:30.000000000 +1000
+++ ./net/socket.c	2006-06-01 10:34:09.000000000 +1000
@@ -496,6 +496,8 @@ static struct socket *sockfd_lookup_ligh
 		if (sock)
 			return sock;
 		fput_light(file, *fput_needed);
+	} else {
+		*err = -EBADF;
 	}
 	return NULL;
 }

Follow-Ups:
- Re: Some socket syscalls fail to return an error on bad file-descriptor# argument
  - From: Andrew Morton <[email protected]>
- RE: Some socket syscalls fail to return an error on bad file-descriptor# argument
  - From: "Hua Zhong" <[email protected]>

Prev by Date: Re: [git patch] libata resume fix
Next by Date: Re: + i386-fix-get_segment_eip-with-vm86.patch added to -mm tree
Previous by thread: 2.6.17-rc5-mm1-lockdep: a rather strange oops
Next by thread: RE: Some socket syscalls fail to return an error on bad file-descriptor# argument
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]