From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 27921 invoked from network); 28 Feb 2023 00:11:37 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 28 Feb 2023 00:11:37 -0000 Received: (qmail 2037 invoked by uid 550); 28 Feb 2023 00:11:34 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 2000 invoked from network); 28 Feb 2023 00:11:33 -0000 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.ispras.ru E651640D4004 From: Alexey Izbyshev To: musl@lists.openwall.com Date: Tue, 28 Feb 2023 03:11:17 +0300 Message-Id: <20230228001117.193937-1-izbyshev@ispras.ru> X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 Mail-Followup-To: musl@lists.openwall.com Content-Transfer-Encoding: 8bit Subject: [musl] [PATCH v2] accept4: don't fall back to accept if we got unknown flags accept4 emulation via accept ignores unknown flags, so it can spuriously succeed instead of failing (or succeed without doing the action implied by an unknown flag if it's added in a future kernel). Worse, unknown flags trigger the fallback code even on modern kernels if the real accept4 syscall returns EINVAL, because this is indistinguishable from socketcall returning EINVAL due to lack of accept4 support. Fix this by always failing with EINVAL if unknown flags are present and the syscall is missing or failed with EINVAL. --- Changed per https://www.openwall.com/lists/musl/2023/02/27/9. The explicit errno variant is chosen because the surrounding code already deals with errno. Alexey --- src/network/accept4.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/network/accept4.c b/src/network/accept4.c index 59ab1726..765a38ed 100644 --- a/src/network/accept4.c +++ b/src/network/accept4.c @@ -9,6 +9,10 @@ int accept4(int fd, struct sockaddr *restrict addr, socklen_t *restrict len, int if (!flg) return accept(fd, addr, len); int ret = socketcall_cp(accept4, fd, addr, len, flg, 0, 0); if (ret>=0 || (errno != ENOSYS && errno != EINVAL)) return ret; + if (flg & ~(SOCK_CLOEXEC|SOCK_NONBLOCK)) { + errno = EINVAL; + return -1; + } ret = accept(fd, addr, len); if (ret<0) return ret; if (flg & SOCK_CLOEXEC) -- 2.39.1