svn commit: r302213 - head/sys/compat/linux
Dmitry Chagin
dchagin at FreeBSD.org
Sun Jun 26 17:00:01 UTC 2016
Author: dchagin
Date: Sun Jun 26 16:59:59 2016
New Revision: 302213
URL: https://svnweb.freebsd.org/changeset/base/302213
Log:
Fix a bug introduced in r283433.
[1] Remove unneeded sockaddr conversion before kern_recvit() call as the from
argument is used to record result (the source address of the received message) only.
[2] In Linux the type of msg_namelen member of struct msghdr is signed but native
msg_namelen has a unsigned type (socklen_t). So use the proper storage to fetch fromlen
from userspace and than check the user supplied value and return EINVAL if it is less
than 0 as a Linux do.
Reported by: Thomas Mueller <tmueller at sysgo dot com> [1]
Reviewed by: kib@
Approved by: re (gjb, kib)
MFC after: 3 days
Modified:
head/sys/compat/linux/linux_socket.c
Modified: head/sys/compat/linux/linux_socket.c
==============================================================================
--- head/sys/compat/linux/linux_socket.c Sun Jun 26 16:38:42 2016 (r302212)
+++ head/sys/compat/linux/linux_socket.c Sun Jun 26 16:59:59 2016 (r302213)
@@ -1054,18 +1054,16 @@ linux_recvfrom(struct thread *td, struct
{
struct msghdr msg;
struct iovec aiov;
- int error;
+ int error, fromlen;
if (PTRIN(args->fromlen) != NULL) {
- error = copyin(PTRIN(args->fromlen), &msg.msg_namelen,
- sizeof(msg.msg_namelen));
- if (error != 0)
- return (error);
-
- error = linux_to_bsd_sockaddr((struct sockaddr *)PTRIN(args->from),
- msg.msg_namelen);
+ error = copyin(PTRIN(args->fromlen), &fromlen,
+ sizeof(fromlen));
if (error != 0)
return (error);
+ if (fromlen < 0)
+ return (EINVAL);
+ msg.msg_namelen = fromlen;
} else
msg.msg_namelen = 0;
More information about the svn-src-all
mailing list