Author: delphij
Date: Tue Feb 23 00:41:40 2010
New Revision: 204233
URL: http://svn.freebsd.org/changeset/base/204233
Log:
MFC r203728:
- Return EAFNOSUPPORT instead of EINVAL for unsupported address family,
this matches the Linux behavior.
- Check if we have sufficient space allocated for socket structure, which
fixes a buffer overflow when wrong length is being passed into the
emulation layer. [1]
PR: kern/138860
Submitted by: Mateusz Guzik <mjguzik gmail com>
Reported by: Alexander Best [1]
Modified:
stable/7/sys/compat/linux/linux_socket.c
Directory Properties:
stable/7/sys/ (props changed)
stable/7/sys/cddl/contrib/opensolaris/ (props changed)
stable/7/sys/contrib/dev/acpica/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
Modified: stable/7/sys/compat/linux/linux_socket.c
==============================================================================
--- stable/7/sys/compat/linux/linux_socket.c Tue Feb 23 00:40:02 2010
(r204232)
+++ stable/7/sys/compat/linux/linux_socket.c Tue Feb 23 00:41:40 2010
(r204233)
@@ -126,7 +126,7 @@ do_sa_get(struct sockaddr **sap, const s
bdom = linux_to_bsd_domain(kosa->sa_family);
if (bdom == -1) {
- error = EINVAL;
+ error = EAFNOSUPPORT;
goto out;
}
@@ -155,8 +155,13 @@ do_sa_get(struct sockaddr **sap, const s
}
} else
#endif
- if (bdom == AF_INET)
+ if (bdom == AF_INET) {
alloclen = sizeof(struct sockaddr_in);
+ if (*osalen < alloclen) {
+ error = EINVAL;
+ goto out;
+ }
+ }
sa = (struct sockaddr *) kosa;
sa->sa_family = bdom;
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
