Author: dchagin
Date: Wed Jun 29 06:04:45 2016
New Revision: 302259
URL: https://svnweb.freebsd.org/changeset/base/302259
Log:
MFC r302213:
Fix a bug introduced in r283433.
[1] Remove unneeded sockaddr conversion before kern_recvit() call as the from
argument is used to record result (the source address of the received
message) only.
[2] In Linux the type of msg_namelen member of struct msghdr is signed but
native
msg_namelen has a unsigned type (socklen_t). So use the proper storage to
fetch fromlen
from userspace and than check the user supplied value and return EINVAL if it
is less
than 0 as a Linux do.
Reported by: Thomas Mueller <tmueller at sysgo dot com> [1]
Tested by: Thomas Mueller <tmueller at sysgo dot com> [both]
Reviewed by: kib@
Modified:
stable/10/sys/compat/linux/linux_socket.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/compat/linux/linux_socket.c
==============================================================================
--- stable/10/sys/compat/linux/linux_socket.c Wed Jun 29 05:21:25 2016
(r302258)
+++ stable/10/sys/compat/linux/linux_socket.c Wed Jun 29 06:04:45 2016
(r302259)
@@ -1040,18 +1040,16 @@ linux_recvfrom(struct thread *td, struct
{
struct msghdr msg;
struct iovec aiov;
- int error;
+ int error, fromlen;
if (PTRIN(args->fromlen) != NULL) {
- error = copyin(PTRIN(args->fromlen), &msg.msg_namelen,
- sizeof(msg.msg_namelen));
- if (error != 0)
- return (error);
-
- error = linux_to_bsd_sockaddr((struct sockaddr
*)PTRIN(args->from),
- msg.msg_namelen);
+ error = copyin(PTRIN(args->fromlen), &fromlen,
+ sizeof(fromlen));
if (error != 0)
return (error);
+ if (fromlen < 0)
+ return (EINVAL);
+ msg.msg_namelen = fromlen;
} else
msg.msg_namelen = 0;
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"
