svn commit: r269502 - head/sys/kern
Davide Italiano
davide at FreeBSD.org
Mon Aug 4 05:40:52 UTC 2014
Author: davide
Date: Mon Aug 4 05:40:51 2014
New Revision: 269502
URL: http://svnweb.freebsd.org/changeset/base/269502
Log:
Fix an overflow in getsockopt(). optval isn't big enough to hold
sbintime_t.
Re-introduce r255030 behaviour capping socket timeouts to INT_32
if they're too large.
CR: https://phabric.freebsd.org/D433
Reported by: demon
Reviewed by: bde [1], jhb [2]
MFC after: 2 weeks
Modified:
head/sys/kern/uipc_socket.c
Modified: head/sys/kern/uipc_socket.c
==============================================================================
--- head/sys/kern/uipc_socket.c Mon Aug 4 04:23:45 2014 (r269501)
+++ head/sys/kern/uipc_socket.c Mon Aug 4 05:40:51 2014 (r269502)
@@ -2544,8 +2544,10 @@ sosetopt(struct socket *so, struct socko
error = EDOM;
goto bad;
}
- val = tvtosbt(tv);
-
+ if (tv.tv_sec > INT32_MAX)
+ val = SBT_MAX;
+ else
+ val = tvtosbt(tv);
switch (sopt->sopt_name) {
case SO_SNDTIMEO:
so->so_snd.sb_timeo = val;
@@ -2694,10 +2696,8 @@ integer:
case SO_SNDTIMEO:
case SO_RCVTIMEO:
- optval = (sopt->sopt_name == SO_SNDTIMEO ?
- so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
-
- tv = sbttotv(optval);
+ tv = sbttotv(sopt->sopt_name == SO_SNDTIMEO ?
+ so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
#ifdef COMPAT_FREEBSD32
if (SV_CURPROC_FLAG(SV_ILP32)) {
struct timeval32 tv32;
More information about the svn-src-all
mailing list