FreeBSD Mail Archives

Date:      Tue, 23 Feb 2010 00:40:02 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r204232 - stable/8/sys/compat/linux
Message-ID:  <201002230040.o1N0e2xS006069@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: delphij
Date: Tue Feb 23 00:40:02 2010
New Revision: 204232
URL: http://svn.freebsd.org/changeset/base/204232

Log:
  MFC r203728:
  
   - Return EAFNOSUPPORT instead of EINVAL for unsupported address family,
     this matches the Linux behavior.
   - Check if we have sufficient space allocated for socket structure, which
     fixes a buffer overflow when wrong length is being passed into the
     emulation layer. [1]
  
  PR:		kern/138860
  Submitted by:	Mateusz Guzik <mjguzik gmail com>
  Reported by:	Alexander Best [1]

Modified:
  stable/8/sys/compat/linux/linux_socket.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)
  stable/8/sys/netinet/   (props changed)

Modified: stable/8/sys/compat/linux/linux_socket.c
==============================================================================
--- stable/8/sys/compat/linux/linux_socket.c	Tue Feb 23 00:34:20 2010	(r204231)
+++ stable/8/sys/compat/linux/linux_socket.c	Tue Feb 23 00:40:02 2010	(r204232)
@@ -128,7 +128,7 @@ do_sa_get(struct sockaddr **sap, const s
 
 	bdom = linux_to_bsd_domain(kosa->sa_family);
 	if (bdom == -1) {
-		error = EINVAL;
+		error = EAFNOSUPPORT;
 		goto out;
 	}
 
@@ -157,8 +157,13 @@ do_sa_get(struct sockaddr **sap, const s
 		}
 	} else
 #endif
-	if (bdom == AF_INET)
+	if (bdom == AF_INET) {
 		alloclen = sizeof(struct sockaddr_in);
+		if (*osalen < alloclen) {
+			error = EINVAL;
+			goto out;
+		}
+	}
 
 	sa = (struct sockaddr *) kosa;
 	sa->sa_family = bdom;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002230040.o1N0e2xS006069>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation