Page Menu
Home
FreeBSD
Search
Configure Global Search
Log In
Files
F95904989
D35317.id106374.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
1 KB
Referenced Files
None
Subscribers
None
D35317.id106374.diff
View Options
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -2241,6 +2241,19 @@
oldfds = datalen / sizeof (int);
if (oldfds == 0)
break;
+ /* On some machines sizeof pointer is bigger than
+ * sizeof int, so we need to check if data fits into
+ * single mbuf. We could allocate several mbufs, and
+ * unp_externalize() should even properly handle that.
+ * But it is not worth to complicate the code for an
+ * insane scenario of passing over 200 file descriptors
+ * at once.
+ */
+ newlen = oldfds * sizeof(fdep[0]);
+ if (CMSG_SPACE(newlen) > MCLBYTES) {
+ error = EMSGSIZE;
+ goto out;
+ }
/*
* Check that all the FDs passed in refer to legal
* files. If not, reject the entire operation.
@@ -2265,7 +2278,6 @@
* Now replace the integer FDs with pointers to the
* file structure and capability rights.
*/
- newlen = oldfds * sizeof(fdep[0]);
*controlp = sbcreatecontrol(NULL, newlen,
SCM_RIGHTS, SOL_SOCKET, M_WAITOK);
fdp = data;
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Mon, Sep 23, 11:58 PM (3 h, 28 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
12571646
Default Alt Text
D35317.id106374.diff (1 KB)
Attached To
Mode
D35317: unix/*: check new control size in unp_internalize()
Attached
Detach File
Event Timeline
Log In to Comment