svn commit: r364346 - head/sys/compat/linux
Mark Johnston
markj at FreeBSD.org
Tue Aug 18 14:17:15 UTC 2020
Author: markj
Date: Tue Aug 18 14:17:14 2020
New Revision: 364346
URL: https://svnweb.freebsd.org/changeset/base/364346
Log:
Fix handling of ancillary data on non-AF_UNIX Linux sockets.
After r340674, the "continue" would restart the loop without having
updated clen, resulting in an infinite loop. Restore the old behaviour
of simply ignoring all control messages on such sockets, since we
currently only implement handling for AF_UNIX-specific messages.
Reported by: syzkaller
Reviewed by: tijl
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D26093
Modified:
head/sys/compat/linux/linux_socket.c
Modified: head/sys/compat/linux/linux_socket.c
==============================================================================
--- head/sys/compat/linux/linux_socket.c Tue Aug 18 14:09:49 2020 (r364345)
+++ head/sys/compat/linux/linux_socket.c Tue Aug 18 14:17:14 2020 (r364346)
@@ -1067,7 +1067,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc
* FreeBSD system call interface.
*/
if (sa_family != AF_UNIX)
- continue;
+ goto next;
if (cmsg->cmsg_type == SCM_CREDS) {
len = sizeof(struct cmsgcred);
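Review bot: at `goto next` in the `sa_family != AF_UNIX` branch, the control message is dropped with no indication to the caller, and the visible part of the comment above the check does not say so. Suggest extending that comment to state that ancillary data on non-AF_UNIX sockets is ignored rather than translated, so a reader does not assume the message reaches the FreeBSD system call interface. As an alternative to the jump, the AF_UNIX-only conversion could be wrapped in `if (sa_family == AF_UNIX) { ... }`, which keeps the loop's advance step on a single fall-through path.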
@@ -1094,6 +1094,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc
data = (char *)data + CMSG_SPACE(len);
datalen += CMSG_SPACE(len);
+next:
if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len))
break;
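Review bot: the `next:` label sits in front of the loop's termination check (`if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)) break;`), but nothing at the label says that every iteration has to pass through this step. A short comment there, noting that a bare `continue` earlier in the body skips the advance and spins forever, would guard against reintroducing the bug the log describes. The skipped path also bypasses the `data` and `datalen += CMSG_SPACE(len)` updates just above the label, so it is worth confirming that the code after the loop copes with `datalen` staying at its initial value when every message was skipped.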