Module Name: src
Committed By: snj
Date: Tue Nov 13 16:55:22 UTC 2018
Modified Files:
src/sys/compat/netbsd32 [netbsd-8]: netbsd32_socket.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1093):
sys/compat/netbsd32/netbsd32_socket.c: 1.48
Fix inverted logic, which leads to buffer overflow. Detected by kASan.
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.44.8.1 src/sys/compat/netbsd32/netbsd32_socket.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/compat/netbsd32/netbsd32_socket.c
diff -u src/sys/compat/netbsd32/netbsd32_socket.c:1.44 src/sys/compat/netbsd32/netbsd32_socket.c:1.44.8.1
--- src/sys/compat/netbsd32/netbsd32_socket.c:1.44 Tue Sep 13 07:01:07 2016
+++ src/sys/compat/netbsd32/netbsd32_socket.c Tue Nov 13 16:55:22 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: netbsd32_socket.c,v 1.44 2016/09/13 07:01:07 martin Exp $ */
+/* $NetBSD: netbsd32_socket.c,v 1.44.8.1 2018/11/13 16:55:22 snj Exp $ */
/*
* Copyright (c) 1998, 2001 Matthew R. Green
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.44 2016/09/13 07:01:07 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_socket.c,v 1.44.8.1 2018/11/13 16:55:22 snj Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -99,7 +99,7 @@ copyout32_msg_control_mbuf(struct lwp *l
}
ktrkuser("msgcontrol", cmsg, cmsg->cmsg_len);
- error = copyout(&cmsg32, *q, MAX(i, sizeof(cmsg32)));
+ error = copyout(&cmsg32, *q, MIN(i, sizeof(cmsg32)));
if (error)
return (error);
if (i > CMSG32_LEN(0)) {
