From 28361d3986bf3dd9456079144d6e62d0e92728af Mon Sep 17 00:00:00 2001
From: cem
Date: Wed, 29 Mar 2017 21:26:13 +0000
Subject: [PATCH] t_msgsnd: Use msgsnd()'s msgsz argument correctly to avoid overflow msgsnd's msgsz argument is the size of the message following the 'long' message type. Don't include the message type in the size of the message when invoking msgsnd(2). Reported by: Coverity CID: 1368712 Sponsored by: Dell EMC Isilon
---
 contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c
index 598882131a7d..b1d95e3cbca6 100644
--- a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c
+++ b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c
@@ -234,7 +234,7 @@ ATF_TC_BODY(msgsnd_nonblock, tc)
 for (;;) {
 errno = 0;
- rv = msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
+ rv = msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT);
 if (rv == -1 && errno == EAGAIN)
 _exit(EXIT_SUCCESS);
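Review bot: The corrected `msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT)` in the msgsnd_nonblock loop is the only call site this patch touches (the diffstat shows one changed line), so any other msgsnd()/msgrcv() call in t_msgsnd.c that still passes `sizeof(struct msg)` would keep asking the kernel to copy `sizeof(long)` bytes beyond the end of `msg`. Those calls are not visible in this hunk, so they should be checked before treating the over-read as closed. A short comment above the call, `/* msgsz counts only the bytes after mtype, not the long itself */`, would help keep the wrong size from being reintroduced. The body of msgsnd_nonblock starts and ends outside the hunk and the definition of `struct msg` is not shown, so this assumes `buf` is the only member following the type field.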