svn commit: r302213 - head/sys/compat/linux

[Dmitry Chagin]

Author: dchagin
Date: Sun Jun 26 16:59:59 2016
New Revision: 302213
URL: https://svnweb.freebsd.org/changeset/base/302213

Log:
  Fix a bug introduced in r283433.
  
  [1] Remove unneeded sockaddr conversion before kern_recvit() call as the from
  argument is used to record result (the source address of the received message) only.
  
  [2] In Linux the type of msg_namelen member of struct msghdr is signed but native
  msg_namelen has a unsigned type (socklen_t). So use the proper storage to fetch fromlen
  from userspace and than check the user supplied value and return EINVAL if it is less
  than 0 as a Linux do.
  
  Reported by:	Thomas Mueller <tmueller at sysgo dot com> [1]
  Reviewed by:	kib@
  Approved by:	re (gjb, kib)
  MFC after:	3 days

Modified:
  head/sys/compat/linux/linux_socket.c

Modified: head/sys/compat/linux/linux_socket.c
==============================================================================
--- head/sys/compat/linux/linux_socket.c	Sun Jun 26 16:38:42 2016	(r302212)
+++ head/sys/compat/linux/linux_socket.c	Sun Jun 26 16:59:59 2016	(r302213)
@@ -1054,18 +1054,16 @@ linux_recvfrom(struct thread *td, struct
 {
 	struct msghdr msg;
 	struct iovec aiov;
-	int error;
+	int error, fromlen;
 
 	if (PTRIN(args->fromlen) != NULL) {
-		error = copyin(PTRIN(args->fromlen), &msg.msg_namelen,
-		    sizeof(msg.msg_namelen));
-		if (error != 0)
-			return (error);
-
-		error = linux_to_bsd_sockaddr((struct sockaddr *)PTRIN(args->from),
-		    msg.msg_namelen);
+		error = copyin(PTRIN(args->fromlen), &fromlen,
+		    sizeof(fromlen));
 		if (error != 0)
 			return (error);
+		if (fromlen < 0)
+			return (EINVAL);
+		msg.msg_namelen = fromlen;
 	} else
 		msg.msg_namelen = 0;