Date:      Mon, 24 Aug 2020 16:27:51 +0000 (UTC)
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r364707 - stable/12/sys/compat/linux
Message-ID:  <202008241627.07OGRpJr074735@repo.freebsd.org>

Author: trasz
Date: Mon Aug 24 16:27:51 2020
New Revision: 364707
URL: https://svnweb.freebsd.org/changeset/base/364707

Log:
  MFC r362941:
  
  Fix Linux recvmsg(2) when msg_namelen returned is 0.  Previously
  it would fail with EINVAL, breaking some of the Python regression
  tests.
  
  While here, cap the user-controlled message length.
  
  Note that the code doesn't seem to be copying out the new length
  in either (success or failure) case. This will be addressed separately.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/12/sys/compat/linux/linux_socket.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/compat/linux/linux_socket.c
==============================================================================
--- stable/12/sys/compat/linux/linux_socket.c	Mon Aug 24 16:25:27 2020	(r364706)
+++ stable/12/sys/compat/linux/linux_socket.c	Mon Aug 24 16:27:51 2020	(r364707)
@@ -1195,11 +1195,14 @@ linux_recvmsg_common(struct thread *td, l_int s, struc
 	if (error != 0)
 		return (error);
 
-	if (msg->msg_name) {
+	if (msg->msg_name != NULL && msg->msg_namelen > 0) {
+		msg->msg_namelen = min(msg->msg_namelen, SOCK_MAXADDRLEN);
 		sa = malloc(msg->msg_namelen, M_SONAME, M_WAITOK);
 		msg->msg_name = sa;
-	} else
+	} else {
 		sa = NULL;
+		msg->msg_name = NULL;
+	}
 
 	uiov = msg->msg_iov;
 	msg->msg_iov = iov;
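Review bot: the clamp at `msg->msg_namelen = min(msg->msg_namelen, SOCK_MAXADDRLEN);` carries no comment saying that msg_namelen is the user-controlled length from the log message and that it sizes the M_WAITOK malloc() on the next line, so a later reader could take the line for redundant and drop it. A one-line comment above it stating that the length comes from the caller and why SOCK_MAXADDRLEN is the bound would help. It is also worth confirming that msg_namelen is unsigned at this point, since both the `> 0` test and min() only give the intended result if it is.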
@@ -1209,7 +1212,10 @@ linux_recvmsg_common(struct thread *td, l_int s, struc
 	if (error != 0)
 		goto bad;
 
-	if (msg->msg_name) {
+	/*
+	 * Note that kern_recvit() updates msg->msg_namelen.
+	 */
+	if (msg->msg_name != NULL && msg->msg_namelen > 0) {
 		msg->msg_name = PTRIN(linux_msghdr.msg_name);
 		error = bsd_to_linux_sockaddr(sa, &lsa, msg->msg_namelen);
 		if (error == 0)
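Review bot: the new comment states that kern_recvit() updates msg->msg_namelen, but it does not say what the caller sees when the updated length is 0: the `if` is then skipped, and nothing visible in this hunk reports to the Linux caller that no address was returned. The log message already says the new length is not copied out in either the success or the failure case; recording that next to this comment (for example as an XXX note) would keep the known gap visible in the code rather than only in the commit log.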


