Branch: refs/heads/misc-bugfixes Home: https://github.com/kronosnet/kronosnet Commit: af7e176421247dbeb528aef7162580ddaba3fc02 https://github.com/kronosnet/kronosnet/commit/af7e176421247dbeb528aef7162580... Author: Fabio M. Di Nitto fdinitto@redhat.com Date: 2026-05-27 (Wed, 27 May 2026)
Changed paths: M libknet/handle_api.c M libknet/libknet.h M libknet/tests/Makefile.am M libknet/tests/api_knet_handle_add_datafd.c
Log Message: ----------- libknet: add comprehensive file descriptor validation in knet_handle_add_datafd
Add validation to reject unsupported file descriptor types and document supported types in knet_handle_add_datafd API documentation.
Reject: - User-provided AF_UNIX socketpairs (both SOCK_SEQPACKET and SOCK_DGRAM) Detected via getpeername() returning addrlen == sizeof(sa_family_t) - Unidirectional pipes (both O_RDONLY and O_WRONLY ends) Detected via fstat() + S_ISFIFO() + fcntl(F_GETFL) checking O_ACCMODE - Unconnected/unbound sockets (SOCK_STREAM and SOCK_DGRAM) Detected via getpeername() ENOTCONN + getsockname() checks
Accept: - knet-created socketpairs (datafd=0, both ends available internally) - TAP devices via libnozzle (primary use case) - Connected sockets (AF_INET, AF_INET6, etc.)
Add comprehensive test coverage including both blacklist (rejected types) and whitelist (accepted types) tests to api_knet_handle_add_datafd_test.
Signed-off-by: Fabio M. Di Nitto fabbione@kronosnet.org Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/kronosnet/kronosnet/settings/notifications