Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 30 Nov 2020 09:21:02 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r368179 - stable/12/sys/kern
Message-ID:  <202011300921.0AU9L27g091165@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: tuexen
Date: Mon Nov 30 09:21:01 2020
New Revision: 368179
URL: https://svnweb.freebsd.org/changeset/base/368179

Log:
  MFC r367464:
  The ioctl() calls using FIONREAD, FIONWRITE, FIONSPACE, and SIOCATMARK
  access the socket send or receive buffer. This is not possible for
  listening sockets since r319722.
  Because send()/recv() calls fail on listening sockets, fail also ioctl()
  indicating EINVAL.
  
  PR:			250366
  Reported by:		Yong-Hao Zou
  Reviewed by:		glebius, rscheff
  Sponsored by:		Netflix, Inc.
  Differential Revision:	https://reviews.freebsd.org/D26897

Modified:
  stable/12/sys/kern/sys_socket.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/kern/sys_socket.c
==============================================================================
--- stable/12/sys/kern/sys_socket.c	Mon Nov 30 09:18:13 2020	(r368178)
+++ stable/12/sys/kern/sys_socket.c	Mon Nov 30 09:21:01 2020	(r368179)
@@ -207,21 +207,34 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, str
 
 	case FIONREAD:
 		/* Unlocked read. */
-		*(int *)data = sbavail(&so->so_rcv);
+		if (SOLISTENING(so)) {
+			error = EINVAL;
+		} else {
+			*(int *)data = sbavail(&so->so_rcv);
+		}
 		break;
 
 	case FIONWRITE:
 		/* Unlocked read. */
-		*(int *)data = sbavail(&so->so_snd);
+		if (SOLISTENING(so)) {
+			error = EINVAL;
+		} else {
+			*(int *)data = sbavail(&so->so_snd);
+		}
 		break;
 
 	case FIONSPACE:
 		/* Unlocked read. */
-		if ((so->so_snd.sb_hiwat < sbused(&so->so_snd)) ||
-		    (so->so_snd.sb_mbmax < so->so_snd.sb_mbcnt))
-			*(int *)data = 0;
-		else
-			*(int *)data = sbspace(&so->so_snd);
+		if (SOLISTENING(so)) {
+			error = EINVAL;
+		} else {
+			if ((so->so_snd.sb_hiwat < sbused(&so->so_snd)) ||
+			    (so->so_snd.sb_mbmax < so->so_snd.sb_mbcnt)) {
+				*(int *)data = 0;
+			} else {
+				*(int *)data = sbspace(&so->so_snd);
+			}
+		}
 		break;
 
 	case FIOSETOWN:
@@ -242,7 +255,11 @@ soo_ioctl(struct file *fp, u_long cmd, void *data, str
 
 	case SIOCATMARK:
 		/* Unlocked read. */
-		*(int *)data = (so->so_rcv.sb_state & SBS_RCVATMARK) != 0;
+		if (SOLISTENING(so)) {
+			error = EINVAL;
+		} else {
+			*(int *)data = (so->so_rcv.sb_state & SBS_RCVATMARK) != 0;
+		}
 		break;
 	default:
 		/*

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202011300921.0AU9L27g091165>