git: bb0f644cd680 - main - linux(4): Limit user-supplied sockaddr length in recvfrom().

Mon, 11 Apr 2022 13:33:22 -0700 

The branch main has been updated by dchagin:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=bb0f644cd680d20b3112f6c14dc853171f497a88

commit bb0f644cd680d20b3112f6c14dc853171f497a88
Author:     Dmitry Chagin <dcha...@freebsd.org>
AuthorDate: 2022-04-11 20:32:28 +0000
Commit:     Dmitry Chagin <dcha...@freebsd.org>
CommitDate: 2022-04-11 20:32:28 +0000

    linux(4): Limit user-supplied sockaddr length in recvfrom().
    
    Differential Revision:  https://reviews.freebsd.org/D34726
---
 sys/compat/linux/linux_socket.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index 16e8c7dadb98..622e25651dbb 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -1272,6 +1272,7 @@ linux_recvfrom(struct thread *td, struct 
linux_recvfrom_args *args)
                        return (error);
                if (fromlen < 0)
                        return (EINVAL);
+               fromlen = min(fromlen, SOCK_MAXADDRLEN);
                sa = malloc(fromlen, M_SONAME, M_WAITOK);
        } else {
                fromlen = 0;

Reply via email to