Ubuntu
linux package

accept() system call is inconsistent with bind(), connect()

Bug #1463553 reported by Daniel U. Thibault
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

Under kernel 3.2.0-54 and 3.9.3 (at least), the accept() system call in a PF_LOCAL, AF_LOCAL, SOCK_STREAM context returns an addrlen for the sockaddr_un structure that is too large by one.

As the SUN_LEN macro of the sys/un.h header shows, the "length" of the structure is expected to be the strlen() of the sun_path member, plus that member's offset. This is the length used by bind() and connect(), in particular. But accept() consistently returns a "length" which includes the trailing null, and is thus too large by one.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: linux-libc-dev 3.2.0-54.82
ProcVersionSignature: Ubuntu 3.2.0-54.82-virtual 3.2.50
Uname: Linux 3.2.0-54-virtual x86_64
AlsaDevices:
 total 0
 crw-rw---T 1 root audio 116, 1 May 26 09:41 seq
 crw-rw---T 1 root audio 116, 33 May 26 09:41 timer
AplayDevices: aplay: device_list:252: no soundcards found...
ApportVersion: 2.0.1-0ubuntu17.9
Architecture: amd64
ArecordDevices: arecord: device_list:252: no soundcards found...
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found.
Date: Tue Jun 9 16:14:40 2015
Dependencies:

HibernationDevice: RESUME=UUID=476a0cd7-3578-49f2-b064-1d2151aa9f56
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
IwConfig:
 lo no wireless extensions.

 eth0 no wireless extensions.
Lsusb:
 Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 001 Device 002: ID 80ee:0021 VirtualBox USB Tablet
MachineType: innotek GmbH VirtualBox
MarkForUpload: True
PciMultimedia:

ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-54-virtual root=UUID=c1c9d001-671e-44c6-8e7c-82f83d591195 ro quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.2.0-54-virtual N/A
 linux-backports-modules-3.2.0-54-virtual N/A
 linux-firmware 1.79.18
RfKill:

SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
WifiSyslog:

dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
dmi.product.name: VirtualBox
dmi.product.version: 1.2
dmi.sys.vendor: innotek GmbH

Revision history for this message
Daniel U. Thibault (daniel-thibault) wrote :
Revision history for this message
Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.1 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

If you are unable to test the mainline kernel, for example it will not boot, please add the tag: 'kernel-unable-to-test-upstream'.
Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.1-rc7-unstable/

Changed in linux (Ubuntu):
importance: Undecided → Medium
tags: added: kernel-da-key
Revision history for this message
Daniel U. Thibault (daniel-thibault) wrote :

Tried it under kernel 4.0.5-040005-generic_4.0.5-040005.201506061639_amd64, still there.

tags: added: kernel-bug-exists-upstream
Revision history for this message
Daniel U. Thibault (daniel-thibault) wrote :

« Once testing of the upstream kernel is complete, please mark this bug as "Confirmed". »

As the reporter, I'm not allowed to do that. Besides, it's already marked as Confirmed.

Revision history for this message
Daniel U. Thibault (daniel-thibault) wrote :

I've just run into this related error (or discrepancy, at least) in the `unix(7)` man page:

"When the address of the socket is returned by getsockname(2), getpeername(2), and accept(2), its length is offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1, and sun_path contains the null-terminated pathname."

Revision history for this message
penalvch (penalvch) wrote :

Daniel U. Thibault, could you please test the latest mainline kernel as requested in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1463553/comments/3 ?

Also:
>"« Once testing of the upstream kernel is complete, please mark this bug as "Confirmed". » As the reporter, I'm not allowed to do that. Besides, it's already marked as Confirmed."

With linux (Ubuntu) a standing triaging exception is in place where Confirmed means the original reporter has at least attached the minimum amount of information to begin triaging.

Revision history for this message
Daniel U. Thibault (daniel-thibault) wrote :

Christopher, I did test the latest mainline kernel (4.0.5-040005-generic_4.0.5-040005.201506061639_amd64). Unless there's been another release over the last five days?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.