svn commit: r364346 - head/sys/compat/linux

Mark Johnston markj at FreeBSD.org
Tue Aug 18 14:17:15 UTC 2020


Author: markj
Date: Tue Aug 18 14:17:14 2020
New Revision: 364346
URL: https://svnweb.freebsd.org/changeset/base/364346

Log:
  Fix handling of ancillary data on non-AF_UNIX Linux sockets.
  
  After r340674, the "continue" would restart the loop without having
  updated clen, resulting in an infinite loop.  Restore the old behaviour
  of simply ignoring all control messages on such sockets, since we
  currently only implement handling for AF_UNIX-specific messages.
  
  Reported by:	syzkaller
  Reviewed by:	tijl
  MFC after:	1 week
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D26093

Modified:
  head/sys/compat/linux/linux_socket.c

Modified: head/sys/compat/linux/linux_socket.c
==============================================================================
--- head/sys/compat/linux/linux_socket.c	Tue Aug 18 14:09:49 2020	(r364345)
+++ head/sys/compat/linux/linux_socket.c	Tue Aug 18 14:17:14 2020	(r364346)
@@ -1067,7 +1067,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc
 			 * FreeBSD system call interface.
 			 */
 			if (sa_family != AF_UNIX)
-				continue;
+				goto next;
 
 			if (cmsg->cmsg_type == SCM_CREDS) {
 				len = sizeof(struct cmsgcred);
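Review bot: The comment ending just above `if (sa_family != AF_UNIX)` should say that control messages on non-AF_UNIX sockets are skipped without being translated, since `goto next;` now makes that the behaviour for every message and nothing in these lines reports it to the caller. If `sa_family` cannot change between iterations, as the log's wording "all control messages on such sockets" implies, consider making the family check once before entering the loop instead of testing it per message and jumping. That would express the intent directly and avoid needing a label.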
@@ -1094,6 +1094,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc
 			data = (char *)data + CMSG_SPACE(len);
 			datalen += CMSG_SPACE(len);
 
+next:
 			if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len))
 				break;
 
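Review bot: The `next:` label in front of `if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len))` has no comment explaining that every path through the loop body must reach this point. The bug fixed here was a `continue` that bypassed the loop's advance step, and a future `continue` added above the label would reintroduce the same hang. Add a short comment at the label stating that skipping a message must go through `next`. Alternatively, move the advance and the termination check into the loop's own control expression so that `continue` becomes safe.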

