Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 29 Sep 2011 21:05:37 -0400
From:      Michael Butler <imb@protected-networks.net>
To:        Jeremy Chadwick <freebsd@jdc.parodius.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: linux-f10-flashplugin
Message-ID:  <4E8515E1.6050902@protected-networks.net>
In-Reply-To: <20110929223047.GA3868@icarus.home.lan>
References:  <20110928104226.2e53343f@cox.net> <587271317225583@web125.yandex.ru> <20110928115008.3d121d38@cox.net> <20110928121035.568ff6e6@cox.net> <753371317233305@web145.yandex.ru> <20110929175755.GA1694@callisto.augenstein.ten> <4E84BBE3.1090701@protected-networks.net> <20110929195001.GF2677@vim.isi.edu> <20110929220659.00002e73@unknown> <20110929235648.50d921f1@callisto.augenstein.ten> <20110929223047.GA3868@icarus.home.lan>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 09/29/11 18:30, Jeremy Chadwick wrote:
> On Thu, Sep 29, 2011 at 11:56:48PM +0200, Norbert Augenstein wrote:

  [ .. snip .. ]

>> it seems that
>> http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc
>> is the culprit.
>
> Just for clarification:
>
> Said fix might explain the "ERROR: failed to initialize plugin-side RPC
> client connection" problem, but would not explain the getpwuid_r()
> problem.

I reverted this piece of r225827 below against 10-CURRENT (at r225881) 
and flash works once again.

Index: uipc_usrreq.c
===================================================================
--- uipc_usrreq.c       (revision 225826)
+++ uipc_usrreq.c       (revision 225827)
@@ -462,6 +462,8 @@
         unp = sotounpcb(so);
         KASSERT(unp != NULL, ("uipc_bind: unp == NULL"));

+       if (soun->sun_len > sizeof(struct sockaddr_un))
+               return (EINVAL);
         namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
         if (namelen <= 0)
                 return (EINVAL);
@@ -1252,6 +1254,8 @@
         unp = sotounpcb(so);
         KASSERT(unp != NULL, ("unp_connect: unp == NULL"));

+       if (nam->sa_len > sizeof(struct sockaddr_un))
+               return (EINVAL);
         len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
         if (len <= 0)
                 return (EINVAL);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E8515E1.6050902>