diff options
author | Niels Provos <provos@cvs.openbsd.org> | 1997-12-16 22:59:13 +0000 |
---|---|---|
committer | Niels Provos <provos@cvs.openbsd.org> | 1997-12-16 22:59:13 +0000 |
commit | 31ef532e772c3ac5660c12bda77b76b27ff89c74 (patch) | |
tree | 1b7705f424de3cdaf7859bbc3d2210be238a6153 | |
parent | 4e5199a3f098dbcf1e3807e1a29086b35ed9a45c (diff) |
evaluate length before doing compat stuff which might overwrite the
length field we are going to evaluate. From FreeBSD, originally submitted
by: pb@fasterix.freenix.org (Pierre Beyssac)
-rw-r--r-- | sys/kern/uipc_syscalls.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 8a87ff148e6..7ab4f5536b6 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_syscalls.c,v 1.5 1997/06/05 03:20:47 deraadt Exp $ */ +/* $OpenBSD: uipc_syscalls.c,v 1.6 1997/12/16 22:59:12 provos Exp $ */ /* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */ /* @@ -663,14 +663,15 @@ recvit(p, s, mp, namelenp, retsize) if (len <= 0 || from == 0) len = 0; else { + /* save sa_len before it is destroyed by MSG_COMPAT */ + if (len > from->m_len) + len = from->m_len; + /* else if len < from->m_len ??? */ #ifdef COMPAT_OLDSOCK if (mp->msg_flags & MSG_COMPAT) mtod(from, struct osockaddr *)->sa_family = mtod(from, struct sockaddr *)->sa_family; #endif - if (len > from->m_len) - len = from->m_len; - /* else if len < from->m_len ??? */ error = copyout(mtod(from, caddr_t), (caddr_t)mp->msg_name, (unsigned)len); if (error) |