syscall: ParseUnixCredentials is unsafe #16475

Closed
iangudger opened this issue Jul 22, 2016 · 2 comments

iangudger commented Jul 22, 2016

syscall.ParseUnixCredentials does not sufficiently validate its inputs to avoid crashes or returning uninitialized memory to the caller (via unsafe use of unsafe).

Current code:

```go
// ParseUnixCredentials decodes a socket control message that contains
// credentials in a Ucred structure. To receive such a message, the
// SO_PASSCRED option must be enabled on the socket.
func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
    if m.Header.Level != SOL_SOCKET {
        return nil, EINVAL
    }
    if m.Header.Type != SCM_CREDENTIALS {
        return nil, EINVAL
    }
    ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
    return &ucred, nil
}
```

The Data field is blindly cast to a Ucred type without checking the length.

Correct code might look something like:

```go
// ParseUnixCredentials decodes a socket control message that contains
// credentials in a Ucred structure. To receive such a message, the
// SO_PASSCRED option must be enabled on the socket.
func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
    if m.Header.Level != SOL_SOCKET {
        return nil, EINVAL
    }
    if m.Header.Type != SCM_CREDENTIALS {
        return nil, EINVAL
    }
    if len(m.Data) < SizeofUcred {
        return nil, EINVAL
    }
    ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
    return &ucred, nil
}
```
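
An added example, not part of the original issue or the Go source tree: the same header and length checks applied to a control-message payload, with the fields decoded through `encoding/binary` instead of an unsafe cast, run over empty, truncated and full payloads. The `controlMessage` and `ucred` types, the constant values (Linux x86-64), the sample bytes and the little-endian assumption belong to this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed mirrors of the Linux definitions so the example builds on any OS.
// The values are the Linux x86-64 ones and are assumptions of this example.
const (
	solSocket      = 1  // SOL_SOCKET
	scmCredentials = 2  // SCM_CREDENTIALS
	sizeofUcred    = 12 // SizeofUcred: int32 pid + uint32 uid + uint32 gid
)

type ucred struct{ Pid int32; Uid, Gid uint32 }

// controlMessage is a hypothetical stand-in for syscall.SocketControlMessage.
type controlMessage struct{ Level, Type int32; Data []byte }

var errInvalid = errors.New("invalid control message") // stands in for EINVAL

// parseUcred applies the header checks and the length check from the issue,
// then decodes field by field instead of casting through unsafe.Pointer.
// Assumes a little-endian host (amd64, arm64).
func parseUcred(m *controlMessage) (*ucred, error) {
	if m.Level != solSocket || m.Type != scmCredentials {
		return nil, errInvalid
	}
	if len(m.Data) < sizeofUcred {
		return nil, errInvalid // empty or truncated payload: refuse, never read past it
	}
	return &ucred{
		Pid: int32(binary.LittleEndian.Uint32(m.Data[0:4])),
		Uid: binary.LittleEndian.Uint32(m.Data[4:8]),
		Gid: binary.LittleEndian.Uint32(m.Data[8:12]),
	}, nil
}

func main() {
	// Constructed payload: pid 12345, uid 1000, gid 1000.
	full := []byte{0x39, 0x30, 0, 0, 0xe8, 3, 0, 0, 0xe8, 3, 0, 0}
	for _, data := range [][]byte{nil, full[:5], full} {
		c, err := parseUcred(&controlMessage{solSocket, scmCredentials, data})
		fmt.Printf("len=%2d cred=%+v err=%v\n", len(data), c, err)
	}
}
```
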
@bradfitz

People who like this bug also like #15653

@bradfitz bradfitz added this to the Go1.8 milestone Jul 22, 2016
@gopherbot

CL https://golang.org/cl/25154 mentions this issue.

@golang golang locked and limited conversation to collaborators Aug 20, 2017