Module Name: src Committed By: rtr Date: Fri Mar 6 03:35:00 UTC 2015
Modified Files: src/sys/kern: uipc_syscalls.c Log Message: Return EINVAL if namelen isn't large enough to encompass the expected members of sockaddr structures. i.e. sa_len and sa_family. Discussed with and patch by christos@ To generate a diff of this commit: cvs rdiff -u -r1.173 -r1.174 src/sys/kern/uipc_syscalls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/uipc_syscalls.c diff -u src/sys/kern/uipc_syscalls.c:1.173 src/sys/kern/uipc_syscalls.c:1.174 --- src/sys/kern/uipc_syscalls.c:1.173 Fri Sep 5 09:20:59 2014 +++ src/sys/kern/uipc_syscalls.c Fri Mar 6 03:35:00 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $ */ +/* $NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $ */ /*- * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. @@ -61,7 +61,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $"); #include "opt_pipe.h" @@ -1463,6 +1463,12 @@ sockargs(struct mbuf **mp, const void *b if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE)) return EINVAL; + /* + * length must greater than sizeof(sa_family) + sizeof(sa_len) + */ + if (type == MT_SONAME && buflen <= 2) + return EINVAL; + /* Allocate an mbuf to hold the arguments. */ m = m_get(M_WAIT, type); /* can't claim. don't who to assign it to. */