Module Name: src
Committed By: martin
Date: Tue Apr 16 01:02:41 UTC 2019
Modified Files:
src/sys/kern: sys_mqueue.c
Log Message:
mq_send1: fix argument validation and reject too large lengths early.
Discovered by Andy Nguyen.
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/sys/kern/sys_mqueue.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/sys_mqueue.c
diff -u src/sys/kern/sys_mqueue.c:1.43 src/sys/kern/sys_mqueue.c:1.44
--- src/sys/kern/sys_mqueue.c:1.43 Sun Aug 19 15:10:23 2018
+++ src/sys/kern/sys_mqueue.c Tue Apr 16 01:02:41 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_mqueue.c,v 1.43 2018/08/19 15:10:23 jakllsch Exp $ */
+/* $NetBSD: sys_mqueue.c,v 1.44 2019/04/16 01:02:41 martin Exp $ */
/*
* Copyright (c) 2007-2011 Mindaugas Rasiukevicius <rmind at NetBSD org>
@@ -43,7 +43,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.43 2018/08/19 15:10:23 jakllsch Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_mqueue.c,v 1.44 2019/04/16 01:02:41 martin Exp $");
#include <sys/param.h>
#include <sys/types.h>
@@ -807,6 +807,8 @@ mq_send1(mqd_t mqdes, const char *msg_pt
return EINVAL;
/* Allocate a new message */
+ if (msg_len > mq_max_msgsize)
+ return EMSGSIZE;
size = sizeof(struct mq_msg) + msg_len;
if (size > mq_max_msgsize)
return EMSGSIZE;
