Fix handling of ancillary data on non-AF_UNIX Linux sockets.

After r340674, the "continue" would restart the loop without having
updated clen, resulting in an infinite loop.  Restore the old behaviour
of simply ignoring all control messages on such sockets, since we
currently only implement handling for AF_UNIX-specific messages.

Reported by:	syzkaller
Reviewed by:	tijl
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D26093
markj 2020-08-18 14:17:14 +00:00
parent 3255ac714c
commit adaa7ce8e9

@ -1067,7 +1067,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struct l_msghdr *msghdr,
* FreeBSD system call interface.
*/
if (sa_family != AF_UNIX)
continue;
goto next;
if (cmsg->cmsg_type == SCM_CREDS) {
len = sizeof(struct cmsgcred);
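Review bot: In the `sa_family != AF_UNIX` branch, `goto next` drops every control message on such sockets without returning an error, and the comment that ends just above it ("FreeBSD system call interface.") does not say so. Consider extending that comment to state that ancillary data is intentionally ignored for non-AF_UNIX sockets and that the jump to `next` is needed so the per-message length accounting still runs. The commit message identifies a bare `continue` at this spot as the cause of the infinite loop, so the reason for the `goto` should be visible in the code to keep a later cleanup from reintroducing it.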
@ -1094,6 +1094,7 @@ linux_sendmsg_common(struct thread *td, l_int s, struct l_msghdr *msghdr,
data = (char *)data + CMSG_SPACE(len);
datalen += CMSG_SPACE(len);
next:
if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len))
break;
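Review bot: The new `next:` label makes `if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len))` the only exit test on the skip path, so loop termination for non-AF_UNIX sockets depends entirely on `linux_cmsg.cmsg_len`. Please confirm that this field is validated (non-zero and at least the header size) before the `sa_family` check can jump here, since a skipped message bypasses all of the per-type handling between the two hunks. A short comment at `next:` saying that everything below it advances to the following control message and must run on every iteration would also help.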