Florian Weimer 2eecc8afd0 Terminate process on invalid netlink response from kernel [BZ #12926]
The recvmsg system calls for netlink sockets have been particularly
prone to picking up unrelated data after a file descriptor race
(where the descriptor is closed and reopened concurrently in a
multi-threaded process, as the result of a file descriptor
management issue elsewhere).  This commit adds additional error
checking and aborts the process if a datagram of unexpected length
(without the netlink header) is received, or an error code which
cannot happen due to the way the netlink socket is used.

	[BZ #12926]
	Terminate process on invalid netlink response.
	* sysdeps/unix/sysv/linux/netlinkaccess.h
	(__netlink_assert_response): Declare.
	* sysdeps/unix/sysv/linux/netlink_assert_response.c: New file.
	* sysdeps/unix/sysv/linux/Makefile [$(subdir) == inet]
	(sysdep_routines): Add netlink_assert_response.
	* sysdeps/unix/sysv/linux/check_native.c (__check_native): Call
	__netlink_assert_response.
	* sysdeps/unix/sysv/linux/check_pf.c (make_request): Likewise.
	* sysdeps/unix/sysv/linux/ifaddrs.c (__netlink_request): Likewise.
	* sysdeps/unix/sysv/linux/Versions (GLIBC_PRIVATE): Add
	__netlink_assert_response.
2015-11-09 12:48:41 +01:00

176 lines
3.1 KiB
Plaintext

libc {
# The comment lines with "#errlist-compat" are magic; see errlist-compat.awk.
# When you get an error from errlist-compat.awk, you need to add a new
# version here. Don't do this blindly, since this means changing the ABI
# for all GNU/Linux configurations.
GLIBC_2.0 {
# functions used in inline functions or macros
__cmsg_nxthdr;
# functions used in other libraries
__clone;
# helper functions
__errno_location;
# b*
bdflush;
# c*
clone; create_module;
# d*
delete_module;
# g*
get_kernel_syms; getresgid; getresuid;
# i*
init_module;
# k*
klogctl;
# l*
llseek;
# m*
mremap;
# n*
nfsservctl;
# p*
personality; prctl;
# q*
query_module; quotactl;
# s*
setfsgid; setfsuid;
# s*
setresgid; setresuid; swapoff; swapon; sysctl; sysinfo;
# u*
umount; uselib;
#errlist-compat 123
_sys_errlist; sys_errlist; _sys_nerr; sys_nerr;
}
GLIBC_2.1 {
# functions used in inline functions or macros
__libc_sa_len;
# Since we have new signals this structure changed.
_sys_siglist; sys_siglist; sys_sigabbrev;
# New errlist.
_sys_errlist; sys_errlist; _sys_nerr; sys_nerr;
# chown interface change.
chown;
# Change in pthread_attr_t.
pthread_attr_init;
# c*
capget; capset;
# n*
ntp_adjtime; ntp_gettime;
# u*
umount2;
#errlist-compat 125
_sys_errlist; sys_errlist; _sys_nerr; sys_nerr;
}
GLIBC_2.2 {
# needed in other libraries.
__endmntent; __getmntent_r; __setmntent; __statfs; __sysctl;
# ipc ctl interface change.
semctl; shmctl; msgctl;
}
GLIBC_2.2.1 {
# p*
pivot_root;
}
GLIBC_2.3 {
# r*
readahead;
#errlist-compat 126
_sys_errlist; sys_errlist; _sys_nerr; sys_nerr;
}
GLIBC_2.3.2 {
# New kernel interfaces.
epoll_create; epoll_ctl; epoll_wait;
}
GLIBC_2.3.3 {
gnu_dev_major; gnu_dev_minor; gnu_dev_makedev;
}
GLIBC_2.3.4 {
sched_getaffinity; sched_setaffinity;
}
GLIBC_2.4 {
inotify_init; inotify_add_watch; inotify_rm_watch;
unshare;
#errlist-compat 132
_sys_errlist; sys_errlist; _sys_nerr; sys_nerr;
}
GLIBC_2.5 {
splice; tee; vmsplice;
}
GLIBC_2.6 {
epoll_pwait; sync_file_range; sched_getcpu;
}
GLIBC_2.7 {
eventfd; eventfd_read; eventfd_write; signalfd;
}
GLIBC_2.8 {
timerfd_create; timerfd_settime; timerfd_gettime;
}
GLIBC_2.9 {
epoll_create1; inotify_init1;
}
GLIBC_2.10 {
fallocate;
}
GLIBC_2.12 {
#errlist-compat 135
_sys_errlist; sys_errlist; _sys_nerr; sys_nerr;
ntp_gettimex;
recvmmsg;
}
GLIBC_2.13 {
prlimit; prlimit64;
fanotify_init; fanotify_mark;
}
GLIBC_2.14 {
clock_adjtime;
name_to_handle_at; open_by_handle_at;
setns;
sendmmsg;
}
GLIBC_2.15 {
process_vm_readv; process_vm_writev;
}
GLIBC_PRIVATE {
# functions used in other libraries
__syscall_rt_sigqueueinfo;
# functions used by nscd
__netlink_assert_response;
}
}