Module Name: src Committed By: martin Date: Tue Apr 16 01:02:41 UTC 2019
Modified Files: src/sys/kern: sys_mqueue.c Log Message: mq_send1: fix argument validation and reject too large lengths early. Discovered by Andy Nguyen. To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.44 src/sys/kern/sys_mqueue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/sys_mqueue.c diff -u src/sys/kern/sys_mqueue.c:1.43 src/sys/kern/sys_mqueue.c:1.44 --- src/sys/kern/sys_mqueue.c:1.43 Sun Aug 19 15:10:23 2018 +++ src/sys/kern/sys_mqueue.c Tue Apr 16 01:02:41 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_mqueue.c,v 1.43 2018/08/19 15:10:23 jakllsch Exp $ */ +/* $NetBSD: sys_mqueue.c,v 1.44 2019/04/16 01:02:41 martin Exp $ */ /* * Copyright (c) 2007-2011 Mindaugas Rasiukevicius <rmind at NetBSD org> @@ -43,7 +43,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.43 2018/08/19 15:10:23 jakllsch Exp $"); +__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.44 2019/04/16 01:02:41 martin Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -807,6 +807,8 @@ mq_send1(mqd_t mqdes, const char *msg_pt return EINVAL; /* Allocate a new message */ + if (msg_len > mq_max_msgsize) + return EMSGSIZE; size = sizeof(struct mq_msg) + msg_len; if (size > mq_max_msgsize) return EMSGSIZE;