
Misleading example code in CMSG_DATA(3) manpage

>Submitter-Id:	net
>Originator:	Christian Biere
>Confidential:	no
>Synopsis:	Misleading example code in CMSG_DATA(3) manpage
>Severity:	non-critical
>Priority:	low
>Category:	documentation
>Class:		doc-bug
>Release:	NetBSD 3.99.15
System: NetBSD cyclonus 3.99.15 NetBSD 3.99.15 (STARSCREAM) #2: Wed Feb 15 09:55:36 CET 2006 bin_(_at_)_cyclonus:/o/NetBSD/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
The manual page CMSG_DATA(3) in current OpenBSD has some example code.
There is a misleading flaw in this code that should probably be
corrected. Using the if-condition

	cmsg->cmsg_len == CMSG_LEN(sizeof(int))

is bad because SCM_RIGHTS can transfer an array of file descriptors,
not just a single one. This check would cause arrays with more than
one file descriptor to be skipped/ignored/dropped and lead to a file
descriptor leak because these fds are never closed. Of course the code
is incomplete anyway but this is IMHO misleading and it would be
better without this length check. I also assume that the kernel can be
trusted here to allow only multiples of sizeof(int) and a minimum of
sizeof(int) but code inspection would be required to be certain.
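
An added example, not taken from the manual page or from this report: a receive loop that derives the descriptor count from cmsg_len instead of requiring exactly one, with the check quoted above selectable through a hypothetical strict flag for comparison. The names send_fds, recv_fds, roundtrip and MAX_FDS are assumptions, the socketpair round trip is constructed, and like the report the code trusts the kernel to deliver a cmsg_len that is a multiple of sizeof(int).

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_FDS 8   /* assumed cap for this example */
union ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)]; };
/* Send n (1..MAX_FDS) descriptors in one SCM_RIGHTS control message. */
static int send_fds(int sock, const int *fds, size_t n)
{
    union ctl u = { .buf = { 0 } };
    char byte = 0; struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = CMSG_SPACE(sizeof(int) * n) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int) * n);
    memcpy(CMSG_DATA(c), fds, sizeof(int) * n);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one message into out[MAX_FDS]; returns the descriptor count.
 * strict != 0 applies the report's check: arrays are skipped, their fds leak. */
static int recv_fds(int sock, int *out, int strict)
{
    union ctl u; char byte; int kept = 0;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        if (strict && c->cmsg_len != CMSG_LEN(sizeof(int))) continue;
        size_t n = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);  /* array length */
        for (size_t i = 0; i < n && kept < MAX_FDS; i++)
            memcpy(&out[kept++], CMSG_DATA(c) + i * sizeof(int), sizeof(int));
    }
    return kept;
}

static int roundtrip(size_t nfds, int strict)
{
    int sv[2], fds[MAX_FDS], got[MAX_FDS];  /* constructed demo over a socketpair */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    for (size_t i = 0; i < nfds; i++) fds[i] = sv[0];
    int r = send_fds(sv[0], fds, nfds) ? -1 : recv_fds(sv[1], got, strict);
    for (int i = 0; i < r; i++) close(got[i]);
    close(sv[0]); close(sv[1]);
    return r;
}
int main(void) { return roundtrip(3, 0) == 3 && roundtrip(3, 1) == 0 ? 0 : 1; }
```

With strict set, a three-descriptor message yields zero handled descriptors, and the three descriptors the kernel installed remain open in the receiving process with nothing left to close them.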