Module Name:    src
Committed By:   rtr
Date:           Fri Mar  6 03:35:00 UTC 2015

Modified Files:
        src/sys/kern: uipc_syscalls.c

Log Message:
Return EINVAL if namelen isn't large enough to encompass the expected
members of sockaddr structures, i.e. sa_len and sa_family.

Discussed with and patch by christos@


To generate a diff of this commit:
cvs rdiff -u -r1.173 -r1.174 src/sys/kern/uipc_syscalls.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_syscalls.c
diff -u src/sys/kern/uipc_syscalls.c:1.173 src/sys/kern/uipc_syscalls.c:1.174
--- src/sys/kern/uipc_syscalls.c:1.173	Fri Sep  5 09:20:59 2014
+++ src/sys/kern/uipc_syscalls.c	Fri Mar  6 03:35:00 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $	*/
+/*	$NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $");
 
 #include "opt_pipe.h"
 
@@ -1463,6 +1463,12 @@ sockargs(struct mbuf **mp, const void *b
 	if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE))
 		return EINVAL;
 
+	/*
+	 * length must greater than sizeof(sa_family) + sizeof(sa_len)
+	 */
+	if (type == MT_SONAME && buflen <= 2)
+		return EINVAL;
+
 	/* Allocate an mbuf to hold the arguments. */
 	m = m_get(M_WAIT, type);
 	/* can't claim.  don't who to assign it to. */
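Review bot: The new `buflen <= 2` test in sockargs() hard-codes the combined size of sa_len and sa_family as a bare literal, and the comment above it is missing a verb ("must greater"). Tying the bound to the structure layout would read `if (type == MT_SONAME && buflen <= offsetof(struct sockaddr, sa_data))` (assuming offsetof is in scope in this file), with the comment `/* name must extend past sa_len and sa_family */`. The `<=` also rejects a name of exactly two bytes, while the log message only speaks of a length too small to encompass the two members, so the comment should say that a header-only sockaddr is refused on purpose. The length is caller-supplied, and this check is presumably what keeps later code from reading those fields out of a shorter buffer; the consumers are outside the hunk, as are the start and end of sockargs() itself.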
