The branch main has been updated by dchagin:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=bb46e9b5107fd8763742f7e55b66ea2e574f5815

commit bb46e9b5107fd8763742f7e55b66ea2e574f5815
Author:     Dmitry Chagin <dcha...@freebsd.org>
AuthorDate: 2022-04-11 20:29:45 +0000
Commit:     Dmitry Chagin <dcha...@freebsd.org>
CommitDate: 2022-04-11 20:29:45 +0000

    linux(4): Prevent an attempt to copy an uninitialized source address.
    
    PR:                     259380
    MFC after:              3 days
---
 sys/compat/linux/linux_socket.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index 453a6621d9a7..935d07ecb7e0 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -1289,8 +1289,16 @@ linux_recvfrom(struct thread *td, struct 
linux_recvfrom_args *args)
        if (error != 0)
                goto out;
 
-       if (PTRIN(args->from) != NULL)
-               error = linux_copyout_sockaddr(sa, PTRIN(args->from), 
msg.msg_namelen);
+       /*
+        * XXX. Seems that FreeBSD is different from Linux here. Linux
+        * fill source address if underlying protocol provides it, while
+        * FreeBSD fill it if underlying protocol is not connection-oriented.
+        * So, kern_recvit() set msg.msg_namelen to 0 if protocol pr_flags
+        * does not contains PR_ADDR flag.
+        */
+       if (PTRIN(args->from) != NULL && msg.msg_namelen != 0)
+               error = linux_copyout_sockaddr(sa, PTRIN(args->from),
+                   msg.msg_namelen);
 
        if (error == 0 && PTRIN(args->fromlen) != NULL)
                error = copyout(&msg.msg_namelen, PTRIN(args->fromlen),
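Review bot: The new comment above the `msg.msg_namelen != 0` test explains how Linux and FreeBSD differ but not why the test is needed: in that case `sa` holds no valid address, and passing it to linux_copyout_sockaddr() would read uninitialized kernel memory on its way to user space. I would end the comment with a line such as `Skip the copyout in that case: sa was never filled in and must not reach userland.` and drop the `XXX.` marker if this behaviour is intended. The guard depends entirely on kern_recvit() resetting msg_namelen, which is outside this hunk. If `sa` is allocated without zeroing (also not visible here), zero-filling it at allocation would stop a later change to that invariant from becoming an information leak. linux_recvfrom's body starts before and continues after the hunk.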
