From 4edc2c9b6b5b921873eb82e58719ed4d9e0d69bf Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 15 Feb 2016 22:50:01 +0100 Subject: [PATCH] networkd: FIONREAD is not reliable on some sockets Fixes: #2457 --- src/basic/socket-util.c | 34 ++++++++++++++++++++++++ src/basic/socket-util.h | 2 ++ src/libsystemd-network/sd-dhcp-client.c | 23 +++++++--------- src/libsystemd-network/sd-dhcp-server.c | 9 +++---- src/libsystemd-network/sd-dhcp6-client.c | 13 +++++---- src/libsystemd-network/sd-ndisc.c | 13 ++++----- src/resolve/resolved-manager.c | 10 +++---- 7 files changed, 64 insertions(+), 40 deletions(-) diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c index 49e5f5b125a..58512686e31 100644 --- a/src/basic/socket-util.c +++ b/src/basic/socket-util.c @@ -936,3 +936,37 @@ int receive_one_fd(int transport_fd, int flags) { return *(int*) CMSG_DATA(found); } + +ssize_t next_datagram_size_fd(int fd) { + ssize_t l; + int k; + + /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will + * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD dosn't + * do. This difference is actually of major importance as we need to be sure that the size returned here + * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of + * the wrong size. */ + + l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC); + if (l < 0) { + if (errno == EOPNOTSUPP) + goto fallback; + + return -errno; + } + if (l == 0) + goto fallback; + + return l; + +fallback: + k = 0; + + /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD + * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */ + + if (ioctl(fd, FIONREAD, &k) < 0) + return -errno; + + return (ssize_t) k; +} diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h index 92edc1dc22d..d17a2f35f82 100644 --- a/src/basic/socket-util.h +++ b/src/basic/socket-util.h @@ -133,5 +133,7 @@ int send_one_fd_sa(int transport_fd, #define send_one_fd(transport_fd, fd, flags) send_one_fd_sa(transport_fd, fd, NULL, 0, flags) int receive_one_fd(int transport_fd, int flags); +ssize_t next_datagram_size_fd(int fd); + #define CMSG_FOREACH(cmsg, mh) \ for ((cmsg) = CMSG_FIRSTHDR(mh); (cmsg); (cmsg) = CMSG_NXTHDR((mh), (cmsg))) diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c index 5fd59f7dd39..62099dd3f4f 100644 --- a/src/libsystemd-network/sd-dhcp-client.c +++ b/src/libsystemd-network/sd-dhcp-client.c @@ -1525,20 +1525,17 @@ static int client_receive_message_udp(sd_event_source *s, int fd, uint32_t revents, void *userdata) { sd_dhcp_client *client = userdata; _cleanup_free_ DHCPMessage *message = NULL; - int buflen = 0, len, r; const struct ether_addr zero_mac = { { 0, 0, 0, 0, 0, 0 } }; const struct ether_addr *expected_chaddr = NULL; uint8_t expected_hlen = 0; + ssize_t len, buflen; assert(s); assert(client); - r = ioctl(fd, FIONREAD, &buflen); - if (r < 0) - return -errno; - else if (buflen < 0) - /* this can't be right */ - return -EIO; + buflen = next_datagram_size_fd(fd); + if (buflen < 0) + return buflen; message = malloc0(buflen); if (!message) @@ -1616,17 +1613,15 @@ static int client_receive_message_raw(sd_event_source *s, int fd, }; struct cmsghdr *cmsg; bool checksum = true; - int buflen = 0, len, r; + ssize_t buflen, len; + int r; assert(s); assert(client); - r = ioctl(fd, FIONREAD, &buflen); - if (r < 0) - return -errno; - else if (buflen < 0) - /* this can't be right */ - return -EIO; + buflen = next_datagram_size_fd(fd); + if (buflen < 0) + return buflen; packet = malloc0(buflen); if (!packet) diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c index ad3a37b7229..54ff1a3f285 100644 --- a/src/libsystemd-network/sd-dhcp-server.c +++ b/src/libsystemd-network/sd-dhcp-server.c @@ -955,14 +955,13 @@ static int server_receive_message(sd_event_source *s, int fd, .msg_controllen = sizeof(cmsgbuf), }; struct cmsghdr *cmsg; - int buflen = 0, len; + ssize_t buflen, len; assert(server); - if (ioctl(fd, FIONREAD, &buflen) < 0) - return -errno; - else if (buflen < 0) - return -EIO; + buflen = next_datagram_size_fd(fd); + if (buflen < 0) + return buflen; message = malloc(buflen); if (!message) diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index 5b6b9cbcaca..7d56d4cc60d 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -33,6 +33,7 @@ #include "in-addr-util.h" #include "network-internal.h" #include "random-util.h" +#include "socket-util.h" #include "string-table.h" #include "util.h" @@ -891,18 +892,16 @@ static int client_receive_message(sd_event_source *s, int fd, uint32_t revents, sd_dhcp6_client *client = userdata; DHCP6_CLIENT_DONT_DESTROY(client); _cleanup_free_ DHCP6Message *message = NULL; - int r, buflen, len; + ssize_t buflen, len; + int r = 0; assert(s); assert(client); assert(client->event); - r = ioctl(fd, FIONREAD, &buflen); - if (r < 0) - return -errno; - else if (buflen < 0) - /* This really should not happen */ - return -EIO; + buflen = next_datagram_size_fd(fd); + if (buflen < 0) + return buflen; message = malloc(buflen); if (!message) diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c index 519d2aa36b3..bae6a49fe6f 100644 --- a/src/libsystemd-network/sd-ndisc.c +++ b/src/libsystemd-network/sd-ndisc.c @@ -491,19 +491,16 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r struct cmsghdr *cmsg; struct in6_addr *gw; unsigned lifetime; - ssize_t len; - int r, pref, stateful, buflen = 0; + ssize_t len, buflen; + int r, pref, stateful; assert(s); assert(nd); assert(nd->event); - r = ioctl(fd, FIONREAD, &buflen); - if (r < 0) - return -errno; - else if (buflen < 0) - /* This really should not happen */ - return -EIO; + buflen = next_datagram_size_fd(fd); + if (buflen < 0) + return buflen; iov.iov_len = buflen; diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c index bf5efe4cfa1..7f9073448ad 100644 --- a/src/resolve/resolved-manager.c +++ b/src/resolve/resolved-manager.c @@ -617,18 +617,16 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) { struct msghdr mh = {}; struct cmsghdr *cmsg; struct iovec iov; - int ms = 0, r; - ssize_t l; + ssize_t ms, l; + int r; assert(m); assert(fd >= 0); assert(ret); - r = ioctl(fd, FIONREAD, &ms); - if (r < 0) - return -errno; + ms = next_datagram_size_fd(fd); if (ms < 0) - return -EIO; + return ms; r = dns_packet_new(&p, protocol, ms); if (r < 0) -- 2.39.2