Page MenuHomeFreeBSD
Files F111631095

D36554.diff
No OneTemporary
Actions

D36554.diff
View Options

diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c
--- a/sys/compat/freebsd32/freebsd32_misc.c
+++ b/sys/compat/freebsd32/freebsd32_misc.c
@@ -1556,15 +1556,19 @@
break;
}
cm = (struct cmsghdr *)in1;
- if (cm->cmsg_len < FREEBSD32_ALIGN(sizeof(*cm))) {
+ if (cm->cmsg_len < FREEBSD32_ALIGN(sizeof(*cm)) ||
+ cm->cmsg_len > buflen) {
error = EINVAL;
break;
}
msglen = FREEBSD32_ALIGN(cm->cmsg_len);
- if (msglen > buflen || msglen < cm->cmsg_len) {
+ if (msglen < cm->cmsg_len) {
error = EINVAL;
break;
}
+ /* The native ABI permits the final padding to be omitted. */
+ if (msglen > buflen)
+ msglen = buflen;
buflen -= msglen;
in1 = (char *)in1 + msglen;

File Metadata

Mime Type
text/plain
Expires
Fri, Mar 7, 6:37 AM (18 h, 33 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
17026756
Default Alt Text
D36554.diff (753 B)

Event Timeline