sys/netinet/ip_output.c
/* | /* | ||||
* IP socket option processing. | * IP socket option processing. | ||||
*/ | */ | ||||
int | int | ||||
ip_ctloutput(struct socket *so, struct sockopt *sopt) | ip_ctloutput(struct socket *so, struct sockopt *sopt) | ||||
{ | { | ||||
struct inpcb *inp = sotoinpcb(so); | struct inpcb *inp = sotoinpcb(so); | ||||
struct mbuf *options; | |||||
int error, optval; | int error, optval; | ||||
#ifdef RSS | #ifdef RSS | ||||
uint32_t rss_bucket; | uint32_t rss_bucket; | ||||
int retval; | int retval; | ||||
#endif | #endif | ||||
error = optval = 0; | error = optval = 0; | ||||
if (sopt->sopt_level != IPPROTO_IP) { | if (sopt->sopt_level != IPPROTO_IP) { | ||||
▲ Show 20 Lines • Show All 270 Lines • ▼ Show 20 Lines | default: | ||||
break; | break; | ||||
} | } | ||||
break; | break; | ||||
case SOPT_GET: | case SOPT_GET: | ||||
switch (sopt->sopt_name) { | switch (sopt->sopt_name) { | ||||
case IP_OPTIONS: | case IP_OPTIONS: | ||||
case IP_RETOPTS: | case IP_RETOPTS: | ||||
if (inp->inp_options) | if (inp->inp_options) { | ||||
unsigned long len = ulmin(inp->inp_options->m_len, sopt->sopt_valsize); | |||||
melifaro: Shouldn't we calculate min(inp->inp_options->m_len, sopt->sopt_valsize) prior to doing the… | |||||
jason_eggnet.com: Yes, we should, will post fix in a few days. | |||||
melifaro: options and len have the same scope. Why do we declare them in different places? | |||||
options = malloc(len, M_TEMP, M_WAITOK); | |||||
INP_RLOCK(inp); | |||||
bcopy(inp->inp_options, options, len); | |||||
INP_RUNLOCK(inp); | |||||
error = sooptcopyout(sopt, | error = sooptcopyout(sopt, | ||||
mtod(inp->inp_options, | mtod(options, | ||||
char *), | char *), | ||||
inp->inp_options->m_len); | len); | ||||
else | free(options, M_TEMP); | ||||
} else | |||||
sopt->sopt_valsize = 0; | sopt->sopt_valsize = 0; | ||||
break; | break; | ||||
case IP_TOS: | case IP_TOS: | ||||
case IP_TTL: | case IP_TTL: | ||||
case IP_MINTTL: | case IP_MINTTL: | ||||
case IP_RECVOPTS: | case IP_RECVOPTS: | ||||
case IP_RECVRETOPTS: | case IP_RECVRETOPTS: | ||||
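Review bot: In the IP_OPTIONS/IP_RETOPTS branch of SOPT_GET, `inp->inp_options` is tested and its `m_len` read before `INP_RLOCK(inp)` is taken, so a concurrent change to the socket's options could free or replace the mbuf between the check and the copy. The `bcopy(inp->inp_options, options, len)` also copies `len` bytes starting at the mbuf header rather than at its data, into a `len`-byte allocation that is then treated as a `struct mbuf`. As a result `mtod(options, char *)` reads an `m_data` field that is either uninitialised heap or still points into the original mbuf, and the copyout to userland runs after the lock is dropped. Take the read lock before the NULL test and duplicate the mbuf while it is held, with a non-sleeping allocation since the inpcb lock presumably cannot be held across `M_WAITOK`; a sketch follows. ip_ctloutput starts and ends outside the lines shown.

```c
		case IP_OPTIONS:
		case IP_RETOPTS:
			INP_RLOCK(inp);
			if (inp->inp_options != NULL) {
				/* Copy while locked so the source mbuf cannot be freed mid-copy. */
				options = m_copym(inp->inp_options, 0,
				    M_COPYALL, M_NOWAIT);
				INP_RUNLOCK(inp);
				if (options == NULL) {
					error = ENOMEM;
					break;
				}
				/* sooptcopyout reads only the private copy. */
				error = sooptcopyout(sopt,
				    mtod(options, char *), options->m_len);
				m_freem(options);
			} else {
				INP_RUNLOCK(inp);
				sopt->sopt_valsize = 0;
			}
			break;
		/* … unchanged: IP_TOS and the following cases … */
```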
Shouldn't we calculate min(inp->inp_options->m_len, sopt->sopt_valsize) prior to doing the malloc()?
I'm a bit unsure what will happen if a userland program calls this option with a 4T buffer.