Page MenuHomeFreeBSD
Differential D55881

linux: Fix sockopt copyout
Needs ReviewPublic
Actions

Authored by chuck on Mon, Mar 16, 6:34 PM.

Details

Reviewers
emaste
kib
markj
Summary

The Linux getsockopt did not check the size of the provided buffer when
copying out the value, leading to buffer overflows (e.g., for TCP_INFO).

Fix is to use the smaller of the option value size and the provided
buffer.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 71430
Build 68313: arc lint + arc unit

Event Timeline

chuck created this revision.Mon, Mar 16, 6:34 PM
Herald added a subscriber: imp. · View Herald TranscriptMon, Mar 16, 6:34 PM
chuck requested review of this revision.Mon, Mar 16, 6:34 PM
Harbormaster completed remote builds in B71430: Diff 173763.Mon, Mar 16, 6:34 PM
chuck added a child revision: D55882: linux: Add TCP_INFO support.Mon, Mar 16, 6:35 PM
kib added inline comments.Mon, Mar 16, 8:43 PM
sys/compat/linux/linux_socket.c
2199

Is it right to use FreeBSD-native type for socklen? Do we need e.g. linux_socklen_t, if we do not have it already?

chuck added inline comments.Tue, Mar 17, 2:43 PM
sys/compat/linux/linux_socket.c
2199

There is a l_socklen_t in sys/amd64/linux/linux.h, but it is defined as an l_ulong. Since linux_getsockopt_args defines optlen as l_uintptr_t, perhaps this should be l_uint?

kib added inline comments.Tue, Mar 17, 3:16 PM
sys/compat/linux/linux_socket.c
2199

But why l_uint? It should be l_socklen_t, no?

Revision Contents
Changeset List

PathSize
sys/
compat/
linux/
7 lines

Diff 173763

View Options

sys/compat/linux/linux_socket.c

Loading...