Page MenuHomeFreeBSD
Files F133111591

D17452.id48837.diff
No OneTemporary
Actions

D17452.id48837.diff
View Options

Index: usr.sbin/nscd/query.c
===================================================================
--- usr.sbin/nscd/query.c
+++ usr.sbin/nscd/query.c
@@ -160,7 +160,7 @@
struct cmsgcred *cred;
int elem_type;
- struct {
+ union {
struct cmsghdr hdr;
char cred[CMSG_SPACE(sizeof(struct cmsgcred))];
} cmsg;
@@ -171,8 +171,8 @@
memset(&cred_hdr, 0, sizeof(struct msghdr));
cred_hdr.msg_iov = &iov;
cred_hdr.msg_iovlen = 1;
- cred_hdr.msg_control = (caddr_t)&cmsg;
- cred_hdr.msg_controllen = CMSG_LEN(sizeof(struct cmsgcred));
+ cred_hdr.msg_control = &cmsg;
+ cred_hdr.msg_controllen = sizeof(cmsg);
memset(&iov, 0, sizeof(struct iovec));
iov.iov_base = &elem_type;
@@ -183,9 +183,22 @@
return (-1);
}
- if (cmsg.hdr.cmsg_len < CMSG_LEN(sizeof(struct cmsgcred))
- || cmsg.hdr.cmsg_level != SOL_SOCKET
- || cmsg.hdr.cmsg_type != SCM_CREDS) {
+ if (cred_hdr.msg_flags & (MSG_CTRUNC | MSG_TRUNC)) {
+ TRACE_OUT(on_query_startup);
+ return (-1);
+ }
+
+ if (cmsg.hdr.cmsg_len < CMSG_LEN(sizeof(struct cmsgcred))) {
+ TRACE_OUT(on_query_startup);
+ return (-1);
+ }
+
+ if (cmsg.hdr.cmsg_level != SOL_SOCKET) {
+ TRACE_OUT(on_query_startup);
+ return (-1);
+ }
+
+ if (cmsg.hdr.cmsg_type != SCM_CREDS) {
TRACE_OUT(on_query_startup);
return (-1);
}

File Metadata

Mime Type
text/plain
Expires
Fri, Oct 24, 1:59 AM (56 m, 24 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
24113045
Default Alt Text
D17452.id48837.diff (1 KB)

Event Timeline