Date: Fri, 17 Jun 2022 19:39:08 GMT From: Dmitry Chagin <dchagin@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: ecf8f499683e - stable/13 - linux(4): Limit user-supplied sockaddr length in recvfrom(). Message-ID: <202206171939.25HJd8fg015606@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by dchagin: URL: https://cgit.FreeBSD.org/src/commit/?id=ecf8f499683eaed387852d22f177639a7e34df9a commit ecf8f499683eaed387852d22f177639a7e34df9a Author: Dmitry Chagin <dchagin@FreeBSD.org> AuthorDate: 2022-04-11 20:32:28 +0000 Commit: Dmitry Chagin <dchagin@FreeBSD.org> CommitDate: 2022-06-17 19:33:52 +0000 linux(4): Limit user-supplied sockaddr length in recvfrom(). Differential Revision: https://reviews.freebsd.org/D34726 (cherry picked from commit bb0f644cd680d20b3112f6c14dc853171f497a88) --- sys/compat/linux/linux_socket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c index 16e8c7dadb98..622e25651dbb 100644 --- a/sys/compat/linux/linux_socket.c +++ b/sys/compat/linux/linux_socket.c @@ -1272,6 +1272,7 @@ linux_recvfrom(struct thread *td, struct linux_recvfrom_args *args) return (error); if (fromlen < 0) return (EINVAL); + fromlen = min(fromlen, SOCK_MAXADDRLEN); sa = malloc(fromlen, M_SONAME, M_WAITOK); } else { fromlen = 0;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206171939.25HJd8fg015606>