svn commit: r269502 - head/sys/kern

Davide Italiano davide at FreeBSD.org
Mon Aug 4 05:40:52 UTC 2014


Author: davide
Date: Mon Aug  4 05:40:51 2014
New Revision: 269502
URL: http://svnweb.freebsd.org/changeset/base/269502

Log:
  Fix an overflow in getsockopt(). optval isn't big enough to hold
  sbintime_t.
  Re-introduce r255030 behaviour capping socket timeouts to INT_32
  if they're too large.
  
  CR:	https://phabric.freebsd.org/D433
  Reported by:	demon
  Reviewed by:	bde [1], jhb [2]
  MFC after:	2 weeks

Modified:
  head/sys/kern/uipc_socket.c

Modified: head/sys/kern/uipc_socket.c
==============================================================================
--- head/sys/kern/uipc_socket.c	Mon Aug  4 04:23:45 2014	(r269501)
+++ head/sys/kern/uipc_socket.c	Mon Aug  4 05:40:51 2014	(r269502)
@@ -2544,8 +2544,10 @@ sosetopt(struct socket *so, struct socko
 				error = EDOM;
 				goto bad;
 			}
-			val = tvtosbt(tv);
-
+			if (tv.tv_sec > INT32_MAX)
+				val = SBT_MAX;
+			else
+				val = tvtosbt(tv);
 			switch (sopt->sopt_name) {
 			case SO_SNDTIMEO:
 				so->so_snd.sb_timeo = val;
@@ -2694,10 +2696,8 @@ integer:
 
 		case SO_SNDTIMEO:
 		case SO_RCVTIMEO:
-			optval = (sopt->sopt_name == SO_SNDTIMEO ?
-				  so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
-
-			tv = sbttotv(optval);
+			tv = sbttotv(sopt->sopt_name == SO_SNDTIMEO ?
+			    so->so_snd.sb_timeo : so->so_rcv.sb_timeo);
 #ifdef COMPAT_FREEBSD32
 			if (SV_CURPROC_FLAG(SV_ILP32)) {
 				struct timeval32 tv32;


More information about the svn-src-head mailing list