svn commit: r203728 - head/sys/compat/linux

[Xin LI]

Author: delphij
Date: Tue Feb  9 22:30:51 2010
New Revision: 203728
URL: http://svn.freebsd.org/changeset/base/203728

Log:
   - Return EAFNOSUPPORT instead of EINVAL for unsupported address family,
     this matches the Linux behavior.
   - Check if we have sufficient space allocated for socket structure, which
     fixes a buffer overflow when wrong length is being passed into the
     emulation layer. [1]
  
  PR:		kern/138860
  Submitted by:	Mateusz Guzik <mjguzik gmail com>
  Reported by:	Alexander Best [1]
  MFC after:	2 weeks

Modified:
  head/sys/compat/linux/linux_socket.c

Modified: head/sys/compat/linux/linux_socket.c
==============================================================================
--- head/sys/compat/linux/linux_socket.c	Tue Feb  9 22:15:59 2010	(r203727)
+++ head/sys/compat/linux/linux_socket.c	Tue Feb  9 22:30:51 2010	(r203728)
@@ -128,7 +128,7 @@ do_sa_get(struct sockaddr **sap, const s
 
 	bdom = linux_to_bsd_domain(kosa->sa_family);
 	if (bdom == -1) {
-		error = EINVAL;
+		error = EAFNOSUPPORT;
 		goto out;
 	}
 
@@ -157,8 +157,13 @@ do_sa_get(struct sockaddr **sap, const s
 		}
 	} else
 #endif
-	if (bdom == AF_INET)
+	if (bdom == AF_INET) {
 		alloclen = sizeof(struct sockaddr_in);
+		if (*osalen < alloclen) {
+			error = EINVAL;
+			goto out;
+		}
+	}
 
 	sa = (struct sockaddr *) kosa;
 	sa->sa_family = bdom;