diff options
author | Dmitry Chagin <dchagin@FreeBSD.org> | 2022-04-11 20:29:45 +0000 |
---|---|---|
committer | Dmitry Chagin <dchagin@FreeBSD.org> | 2022-04-11 20:29:45 +0000 |
commit | bb46e9b5107fd8763742f7e55b66ea2e574f5815 (patch) | |
tree | 3a81e53e1f29b26f9abcf0f15412aead1faaa4dd | |
parent | 6ca0ca7b4cb527dc17c289f1ae177ec267fd1add (diff) | |
download | src-bb46e9b5107fd8763742f7e55b66ea2e574f5815.tar.gz src-bb46e9b5107fd8763742f7e55b66ea2e574f5815.zip |
linux(4): Prevent an attempt to copy an uninitialized source address.
PR: 259380
MFC after: 3 days
-rw-r--r-- | sys/compat/linux/linux_socket.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c index 453a6621d9a7..935d07ecb7e0 100644 --- a/sys/compat/linux/linux_socket.c +++ b/sys/compat/linux/linux_socket.c @@ -1289,8 +1289,16 @@ linux_recvfrom(struct thread *td, struct linux_recvfrom_args *args) if (error != 0) goto out; - if (PTRIN(args->from) != NULL) - error = linux_copyout_sockaddr(sa, PTRIN(args->from), msg.msg_namelen); + /* + * XXX. Seems that FreeBSD is different from Linux here. Linux + * fill source address if underlying protocol provides it, while + * FreeBSD fill it if underlying protocol is not connection-oriented. + * So, kern_recvit() set msg.msg_namelen to 0 if protocol pr_flags + * does not contains PR_ADDR flag. + */ + if (PTRIN(args->from) != NULL && msg.msg_namelen != 0) + error = linux_copyout_sockaddr(sa, PTRIN(args->from), + msg.msg_namelen); if (error == 0 && PTRIN(args->fromlen) != NULL) error = copyout(&msg.msg_namelen, PTRIN(args->fromlen), |