diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2018-11-17 20:46:13 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2018-11-17 20:46:13 +0000 |
| commit | 660a8098742488fed8eaed56e3428d66271ab342 (patch) | |
| tree | 2fa806bf7b174736a4c325bd1475467ad7f3881e /usr.bin | |
| parent | b7040577ec9a71296c5e8bb548f9d3173fe4f679 (diff) | |
Be more careful when dumping cmsghdr struct. In the SCM_RIGHTS case an
extra check for a truncated cmsghdr needs to be done since the embeded
lenght may be longer than the supplied buffer (MSG_CTRUNC case).
OK deraadt@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/kdump/ktrstruct.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.bin/kdump/ktrstruct.c b/usr.bin/kdump/ktrstruct.c index 097cc6b5c49..217ba42ae06 100644 --- a/usr.bin/kdump/ktrstruct.c +++ b/usr.bin/kdump/ktrstruct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ktrstruct.c,v 1.27 2018/11/08 18:35:56 otto Exp $ */ +/* $OpenBSD: ktrstruct.c,v 1.28 2018/11/17 20:46:12 claudio Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -501,7 +501,9 @@ ktrcmsghdr(char *data, socklen_t len) printf("SCM_RIGHTS, data="); fds = (int *)CMSG_DATA(cmsg); for (i = 0; - cmsg->cmsg_len > CMSG_LEN(sizeof(int) * i); + cmsg->cmsg_len > CMSG_LEN(sizeof(int) * i) + && (char *)fds + (i + 1) * sizeof(int) <= + data + len; i++) { printf("%s%d", i ? "," : "", fds[i]); } |