LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-08-2014, 11:06 AM   #1
LearningGeek
LQ Newbie
 
Registered: Aug 2014
Posts: 1

Rep: Reputation: Disabled
msg_flags of sctp_rcvmsg () behave differently in redhat rel5 and redhat rel6


Hello Guys,

I am developing a software in which I am using redhat sctp library. I find this strange behavior between sctp_recvmsg in redhat rel5 and redhat rel6. I am capturing the syntax to make my query clear.

int sctp_recvmsg(int sd, void * msg, size_t len, struct sockaddr * from, socklen_t * fromlen, struct sctp_sndrcvinfo * sinfo, int * msg_flags);

The last option msg_flags worked fine when I declare it as int in rel 5. But in rel6 when i declare it as int my
my poll() loops for odd 1272 times and then stops. This loop number is fixed.
I changed msg_flags from int to long and it worked fine.

If any one knows the reason for this, please let me know.
 
Old 08-09-2014, 01:09 PM   #2
zer0python
Member
 
Registered: Sep 2003
Posts: 104

Rep: Reputation: 20
It appears redhat's sctp library is lkscpt. The implementation of sctp_recvmsg() is here

Looking at the implemented code, I see no reason why a switch from int* to long* would work. (unless maybe there's a weird 32bit<->64bit thing going on.)
without more code to go on, I'm not sure if I'll (or anyone) will be able to help much. 1272 seems like a fairly "random" number, but I'm sure has some kind of meaning within the context of your code.
 
Old 08-09-2014, 01:24 PM   #3
zer0python
Member
 
Registered: Sep 2003
Posts: 104

Rep: Reputation: 20
Doing a little more research, I came across this; Which talks about a potential local DoS from an "infected" CMSG. The patch supplied appears to, instead of looping CMSG's, get only one of them. I'm not really sure if this patch may be what broke your thing.

The patch is as follows (note the text at the top, particularly about multiple CMSG's):
Code:
This patch fixes hemlock by disallowing the condition that creates the poisoned
buffer in the first place.  This is likely to break some esoteric ipv4 apps which
depend on having multiple CMSG entries, but as there are only two sendable CMSG for
IPv4, I really doubt it.

--- linux-2.6.32-358.11.1.el6.x86_64.orig/net/ipv4/ip_sockglue.c	2013-05-15 08:33:03.000000000 -0400
+++ linux-2.6.32-358.11.1.el6.x86_64/net/ipv4/ip_sockglue.c	2013-06-30 05:19:43.000000000 -0400
@@ -196,7 +196,8 @@
 	int err;
 	struct cmsghdr *cmsg;
 
-	for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
+	cmsg = CMSG_FIRSTHDR(msg);
+	{
 		if (!CMSG_OK(msg, cmsg))
 			return -EINVAL;
 		if (cmsg->cmsg_level != SOL_IP)
Again, this is just a shot in the dark, hope it's helpful.
See CVE-2013-2224 for more details on the noted exploit.

Last edited by zer0python; 08-09-2014 at 01:26 PM. Reason: Add url to nvd.nist.gov
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] gawk+gensub beckreference behave differently in while loop? stillsmil Programming 4 07-09-2012 04:40 AM
Is dpkg/lock working differently in Oneiric? It didn't behave this way before Fennippee Linux - Newbie 1 10-29-2011 01:50 AM
Make mysql order by to behave differently raven Linux - Server 2 11-30-2007 04:33 AM
display horizantly shifted for redhat 9.0, redhat enterprise and fedora core dudely Linux - Software 3 08-12-2005 11:18 AM
display horizantly shifted for redhat 9.0, redhat enterprise and fedora core dudely Linux - Newbie 1 08-11-2005 05:11 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration