
I am doing some interposition in Mac OS X (essentially intercepting C calls) and I noticed that the ping application tries to call the sendto function with an addrlen value of 16. In sys/socket.h I can see clearly that the sa_data array only holds up to 14 bytes:

/*
 * [XSI] Structure used by kernel to store most addresses.
 */
struct sockaddr {
    __uint8_t   sa_len;     /* total length */
    sa_family_t sa_family;  /* [XSI] address family */
    char        sa_data[14];    /* [XSI] addr value (actually larger) */
};

It freaks me out that the comment says "actually larger" but there's not much I can do about that.

Anyway, the man page shows the signature for the sendto function looks like this:

ssize_t
sendto(int socket,
  const void *buffer,
  size_t length,
  int flags,
  const struct sockaddr *dest_addr,
  socklen_t dest_len);

And then the man page specifically calls out what to do if the length value is too long for a message to be delivered atomically. It ignores the situation where dest_len is larger than what dest_addr.sa_data can hold.

If I try to copy 16 bytes of data into another dest_addr.sa_data from the caller it fails and the application crashes, as it should. Am I misunderstanding how this field is used? Why does the comment in the header say "actually larger" but then assigns a fixed size to the array?

Tim Mattison
    OK, well `sockaddr` is kinda of generic structure and in reality you will pass `sockaddr_in` et al. If your test crashed are you sure you had the correct address family set? Please post the code you used - or just the relevant bits of it. – trojanfoe Apr 09 '14 at 00:10

1 Answer


You never actually are supposed to use struct sockaddr. It's like void in void *, a stand-in for the actual sockaddr_foo structures.

R.. GitHub STOP HELPING ICE
  • Thanks, it's starting to make a lot more sense now. How does a function like sendto know which structure to use when it is called? Does it look at `sa_family` and then choose the right `sockaddr_foo` based on that? Is there a header file that maps `sa_family` to `sockaddr_foo`? – Tim Mattison Apr 09 '14 at 10:43
  • I'm going to add a new question for this. Your answer was just what I needed to start finding the right resources. – Tim Mattison Apr 09 '14 at 11:20
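To make the answer concrete for the ping case in the question, here is an added C example (my own code, not from either post). It shows that the 16 bytes ping passes to sendto is exactly sizeof(struct sockaddr_in), that the length the kernel expects depends on sa_family rather than on the 14-byte sa_data array, and how an interposer should copy a caller's address into struct sockaddr_storage (which is large enough for any family) after checking dest_len against the family-specific size. The function names, the helper that dispatches on sa_family, and the 127.0.0.1:7 sample address are all assumptions made for this example; the sizes 16 and 28 are what both macOS and Linux use for sockaddr_in and sockaddr_in6.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Length the kernel expects for an address of the given family.
   Returns 0 for families this example does not handle. (Hypothetical
   helper written for this example.) */
socklen_t expected_addrlen(sa_family_t family) {
    switch (family) {
    case AF_INET:  return sizeof(struct sockaddr_in);   /* 16: what ping passes */
    case AF_INET6: return sizeof(struct sockaddr_in6);  /* 28 */
    default:       return 0;
    }
}

/* Copy a caller-supplied address into sockaddr_storage instead of into
   struct sockaddr, whose sa_data[14] cannot hold a full sockaddr_in.
   Rejects (returns false, copies nothing) when dest_len is too short to
   read sa_family, shorter than the family-specific struct, or larger
   than sockaddr_storage. This is the check an interposed sendto would
   perform before forwarding the call. */
bool copy_sockaddr(struct sockaddr_storage *out,
                   const struct sockaddr *dest_addr, socklen_t dest_len) {
    if (dest_addr == NULL || dest_len < offsetof(struct sockaddr, sa_data))
        return false;                       /* cannot even read sa_family */
    socklen_t want = expected_addrlen(dest_addr->sa_family);
    if (want == 0 || dest_len < want || dest_len > sizeof *out)
        return false;
    memset(out, 0, sizeof *out);
    memcpy(out, dest_addr, dest_len);       /* bounded by the checks above */
    return true;
}

/* Constructed sample: an IPv4 address built the way ping builds one,
   then passed with a caller-claimed length. Returns the port recovered
   from the checked copy, or -1 if the copy was rejected. */
int demo_ipv4_copy(socklen_t claimed_len) {
    struct sockaddr_in in4;
    memset(&in4, 0, sizeof in4);
#ifdef __APPLE__
    in4.sin_len = sizeof in4;               /* BSD-style length byte */
#endif
    in4.sin_family = AF_INET;
    in4.sin_port = htons(7);
    inet_pton(AF_INET, "127.0.0.1", &in4.sin_addr);  /* constructed sample value */

    struct sockaddr_storage ss;
    if (!copy_sockaddr(&ss, (const struct sockaddr *)&in4, claimed_len))
        return -1;
    /* Safe to view through the family-specific type once the length checked out. */
    const struct sockaddr_in *view = (const struct sockaddr_in *)&ss;
    return ntohs(view->sin_port);
}

int main(void) {
    printf("sizeof(struct sockaddr)         = %zu\n", sizeof(struct sockaddr));
    printf("sizeof(struct sockaddr_in)      = %zu\n", sizeof(struct sockaddr_in));
    printf("sizeof(struct sockaddr_in6)     = %zu\n", sizeof(struct sockaddr_in6));
    printf("sizeof(struct sockaddr_storage) = %zu\n", sizeof(struct sockaddr_storage));
    printf("dest_len 16 -> port %d\n", demo_ipv4_copy(16));
    printf("dest_len 14 -> %d (rejected)\n", demo_ipv4_copy(14));
    return 0;
}
```

The 16 that ping passes is sizeof(struct sockaddr_in), not 14 plus a header; struct sockaddr is only a common prefix, which is why the crash in the question happened when the extra bytes were copied into sa_data. An interposer should never copy into struct sockaddr: validate dest_len against the family-specific size and copy into sockaddr_storage as above, rejecting both undersized and oversized lengths.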