git: bb0f644cd680 - main - linux(4): Limit user-supplied sockaddr length in recvfrom().
Date: Mon, 11 Apr 2022 20:32:53 UTC
The branch main has been updated by dchagin: URL: https://cgit.FreeBSD.org/src/commit/?id=bb0f644cd680d20b3112f6c14dc853171f497a88 commit bb0f644cd680d20b3112f6c14dc853171f497a88 Author: Dmitry Chagin <dchagin@FreeBSD.org> AuthorDate: 2022-04-11 20:32:28 +0000 Commit: Dmitry Chagin <dchagin@FreeBSD.org> CommitDate: 2022-04-11 20:32:28 +0000 linux(4): Limit user-supplied sockaddr length in recvfrom(). Differential Revision: https://reviews.freebsd.org/D34726 --- sys/compat/linux/linux_socket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c index 16e8c7dadb98..622e25651dbb 100644 --- a/sys/compat/linux/linux_socket.c +++ b/sys/compat/linux/linux_socket.c @@ -1272,6 +1272,7 @@ linux_recvfrom(struct thread *td, struct linux_recvfrom_args *args) return (error); if (fromlen < 0) return (EINVAL); + fromlen = min(fromlen, SOCK_MAXADDRLEN); sa = malloc(fromlen, M_SONAME, M_WAITOK); } else { fromlen = 0;
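Review bot: the added `fromlen = min(fromlen, SOCK_MAXADDRLEN);` line passes a signed length (the check just above it is `fromlen < 0`) to min(), which in the FreeBSD kernel takes u_int arguments. The result is correct only because the negative case is rejected first, so imin() would match the variable's type and keep the clamp safe if those checks are ever reordered. The commit message would also benefit from one sentence on the reason for the clamp: before this line, the user-supplied length went unchanged into `malloc(fromlen, M_SONAME, M_WAITOK)`, so a caller could request an arbitrarily large sleeping allocation.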