Date: Tue, 18 Aug 2020 14:17:15 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r364346 - head/sys/compat/linux Message-ID: <202008181417.07IEHFt1097023@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markj Date: Tue Aug 18 14:17:14 2020 New Revision: 364346 URL: https://svnweb.freebsd.org/changeset/base/364346 Log: Fix handling of ancillary data on non-AF_UNIX Linux sockets. After r340674, the "continue" would restart the loop without having updated clen, resulting in an infinite loop. Restore the old behaviour of simply ignoring all control messages on such sockets, since we currently only implement handling for AF_UNIX-specific messages. Reported by: syzkaller Reviewed by: tijl MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D26093 Modified: head/sys/compat/linux/linux_socket.c Modified: head/sys/compat/linux/linux_socket.c ============================================================================== --- head/sys/compat/linux/linux_socket.c Tue Aug 18 14:09:49 2020 (r364345) +++ head/sys/compat/linux/linux_socket.c Tue Aug 18 14:17:14 2020 (r364346) @@ -1067,7 +1067,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc * FreeBSD system call interface. */ if (sa_family != AF_UNIX) - continue; + goto next; if (cmsg->cmsg_type == SCM_CREDS) { len = sizeof(struct cmsgcred); @@ -1094,6 +1094,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struc data = (char *)data + CMSG_SPACE(len); datalen += CMSG_SPACE(len); +next: if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)) break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202008181417.07IEHFt1097023>