git: bb0f644cd680 - main - linux(4): Limit user-supplied sockaddr length in recvfrom().
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 11 Apr 2022 20:32:53 UTC
The branch main has been updated by dchagin:
URL: https://cgit.FreeBSD.org/src/commit/?id=bb0f644cd680d20b3112f6c14dc853171f497a88
commit bb0f644cd680d20b3112f6c14dc853171f497a88
Author: Dmitry Chagin <dchagin@FreeBSD.org>
AuthorDate: 2022-04-11 20:32:28 +0000
Commit: Dmitry Chagin <dchagin@FreeBSD.org>
CommitDate: 2022-04-11 20:32:28 +0000
linux(4): Limit user-supplied sockaddr length in recvfrom().
Differential Revision: https://reviews.freebsd.org/D34726
---
sys/compat/linux/linux_socket.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index 16e8c7dadb98..622e25651dbb 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -1272,6 +1272,7 @@ linux_recvfrom(struct thread *td, struct linux_recvfrom_args *args)
return (error);
if (fromlen < 0)
return (EINVAL);
+ fromlen = min(fromlen, SOCK_MAXADDRLEN);
sa = malloc(fromlen, M_SONAME, M_WAITOK);
} else {
fromlen = 0;