Date: Tue, 9 Feb 2010 22:30:51 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r203728 - head/sys/compat/linux Message-ID: <201002092230.o19MUpKw000676@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Feb 9 22:30:51 2010 New Revision: 203728 URL: http://svn.freebsd.org/changeset/base/203728 Log: - Return EAFNOSUPPORT instead of EINVAL for unsupported address family, this matches the Linux behavior. - Check if we have sufficient space allocated for socket structure, which fixes a buffer overflow when wrong length is being passed into the emulation layer. [1] PR: kern/138860 Submitted by: Mateusz Guzik <mjguzik gmail com> Reported by: Alexander Best [1] MFC after: 2 weeks Modified: head/sys/compat/linux/linux_socket.c Modified: head/sys/compat/linux/linux_socket.c ============================================================================== --- head/sys/compat/linux/linux_socket.c Tue Feb 9 22:15:59 2010 (r203727) +++ head/sys/compat/linux/linux_socket.c Tue Feb 9 22:30:51 2010 (r203728) @@ -128,7 +128,7 @@ do_sa_get(struct sockaddr **sap, const s bdom = linux_to_bsd_domain(kosa->sa_family); if (bdom == -1) { - error = EINVAL; + error = EAFNOSUPPORT; goto out; } @@ -157,8 +157,13 @@ do_sa_get(struct sockaddr **sap, const s } } else #endif - if (bdom == AF_INET) + if (bdom == AF_INET) { alloclen = sizeof(struct sockaddr_in); + if (*osalen < alloclen) { + error = EINVAL; + goto out; + } + } sa = (struct sockaddr *) kosa; sa->sa_family = bdom;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002092230.o19MUpKw000676>