svn commit: r364707 - stable/12/sys/compat/linux
Edward Tomasz Napierala
trasz at FreeBSD.org
Mon Aug 24 16:27:52 UTC 2020
Author: trasz
Date: Mon Aug 24 16:27:51 2020
New Revision: 364707
URL: https://svnweb.freebsd.org/changeset/base/364707
Log:
MFC r362941:
Fix Linux recvmsg(2) when msg_namelen returned is 0. Previously
it would fail with EINVAL, breaking some of the Python regression
tests.
While here, cap the user-controlled message length.
Note that the code doesn't seem to be copying out the new length
in either (success or failure) case. This will be addressed separately.
Sponsored by: The FreeBSD Foundation
Modified:
stable/12/sys/compat/linux/linux_socket.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/compat/linux/linux_socket.c
==============================================================================
--- stable/12/sys/compat/linux/linux_socket.c Mon Aug 24 16:25:27 2020 (r364706)
+++ stable/12/sys/compat/linux/linux_socket.c Mon Aug 24 16:27:51 2020 (r364707)
@@ -1195,11 +1195,14 @@ linux_recvmsg_common(struct thread *td, l_int s, struc
if (error != 0)
return (error);
- if (msg->msg_name) {
+ if (msg->msg_name != NULL && msg->msg_namelen > 0) {
+ msg->msg_namelen = min(msg->msg_namelen, SOCK_MAXADDRLEN);
sa = malloc(msg->msg_namelen, M_SONAME, M_WAITOK);
msg->msg_name = sa;
- } else
+ } else {
sa = NULL;
+ msg->msg_name = NULL;
+ }
uiov = msg->msg_iov;
msg->msg_iov = iov;
@@ -1209,7 +1212,10 @@ linux_recvmsg_common(struct thread *td, l_int s, struc
if (error != 0)
goto bad;
- if (msg->msg_name) {
+ /*
+ * Note that kern_recvit() updates msg->msg_namelen.
+ */
+ if (msg->msg_name != NULL && msg->msg_namelen > 0) {
msg->msg_name = PTRIN(linux_msghdr.msg_name);
error = bsd_to_linux_sockaddr(sa, &lsa, msg->msg_namelen);
if (error == 0)
More information about the svn-src-all
mailing list