svn commit: r302259 - stable/10/sys/compat/linux

[Dmitry Chagin]

Author: dchagin
Date: Wed Jun 29 06:04:45 2016
New Revision: 302259
URL: https://svnweb.freebsd.org/changeset/base/302259

Log:
  MFC r302213:
  
  Fix a bug introduced in r283433.
  
  [1] Remove unneeded sockaddr conversion before kern_recvit() call as the from
  argument is used to record result (the source address of the received message) only.
  
  [2] In Linux the type of msg_namelen member of struct msghdr is signed but native
  msg_namelen has a unsigned type (socklen_t). So use the proper storage to fetch fromlen
  from userspace and than check the user supplied value and return EINVAL if it is less
  than 0 as a Linux do.
  
  Reported by:	Thomas Mueller <tmueller at sysgo dot com> [1]
  Tested by:	Thomas Mueller <tmueller at sysgo dot com> [both]
  Reviewed by:	kib@

Modified:
  stable/10/sys/compat/linux/linux_socket.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/compat/linux/linux_socket.c
==============================================================================
--- stable/10/sys/compat/linux/linux_socket.c	Wed Jun 29 05:21:25 2016	(r302258)
+++ stable/10/sys/compat/linux/linux_socket.c	Wed Jun 29 06:04:45 2016	(r302259)
@@ -1040,18 +1040,16 @@ linux_recvfrom(struct thread *td, struct
 {
 	struct msghdr msg;
 	struct iovec aiov;
-	int error;
+	int error, fromlen;
 
 	if (PTRIN(args->fromlen) != NULL) {
-		error = copyin(PTRIN(args->fromlen), &msg.msg_namelen,
-		    sizeof(msg.msg_namelen));
-		if (error != 0)
-			return (error);
-
-		error = linux_to_bsd_sockaddr((struct sockaddr *)PTRIN(args->from),
-		    msg.msg_namelen);
+		error = copyin(PTRIN(args->fromlen), &fromlen,
+		    sizeof(fromlen));
 		if (error != 0)
 			return (error);
+		if (fromlen < 0)
+			return (EINVAL);
+		msg.msg_namelen = fromlen;
 	} else
 		msg.msg_namelen = 0;