Module Name: src Committed By: snj Date: Tue Nov 13 16:55:22 UTC 2018
Modified Files: src/sys/compat/netbsd32 [netbsd-8]: netbsd32_socket.c Log Message: Pull up following revision(s) (requested by maxv in ticket #1093): sys/compat/netbsd32/netbsd32_socket.c: 1.48 Fix inverted logic, which leads to buffer overflow. Detected by kASan. To generate a diff of this commit: cvs rdiff -u -r1.44 -r1.44.8.1 src/sys/compat/netbsd32/netbsd32_socket.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/compat/netbsd32/netbsd32_socket.c diff -u src/sys/compat/netbsd32/netbsd32_socket.c:1.44 src/sys/compat/netbsd32/netbsd32_socket.c:1.44.8.1 --- src/sys/compat/netbsd32/netbsd32_socket.c:1.44 Tue Sep 13 07:01:07 2016 +++ src/sys/compat/netbsd32/netbsd32_socket.c Tue Nov 13 16:55:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: netbsd32_socket.c,v 1.44 2016/09/13 07:01:07 martin Exp $ */ +/* $NetBSD: netbsd32_socket.c,v 1.44.8.1 2018/11/13 16:55:22 snj Exp $ */ /* * Copyright (c) 1998, 2001 Matthew R. Green @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.44 2016/09/13 07:01:07 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.44.8.1 2018/11/13 16:55:22 snj Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -99,7 +99,7 @@ copyout32_msg_control_mbuf(struct lwp *l } ktrkuser("msgcontrol", cmsg, cmsg->cmsg_len); - error = copyout(&cmsg32, *q, MAX(i, sizeof(cmsg32))); + error = copyout(&cmsg32, *q, MIN(i, sizeof(cmsg32))); if (error) return (error); if (i > CMSG32_LEN(0)) {