| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $ */ | | 1 | /* $NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $ */ |
2 | | | 2 | |
3 | /*- | | 3 | /*- |
4 | * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. | | 4 | * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. |
5 | * All rights reserved. | | 5 | * All rights reserved. |
6 | * | | 6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation | | 7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Andrew Doran. | | 8 | * by Andrew Doran. |
9 | * | | 9 | * |
10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
12 | * are met: | | 12 | * are met: |
13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -51,27 +51,27 @@ | | | @@ -51,27 +51,27 @@ |
51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | | 51 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 52 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 53 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 54 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 55 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 56 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 57 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
58 | * SUCH DAMAGE. | | 58 | * SUCH DAMAGE. |
59 | * | | 59 | * |
60 | * @(#)uipc_syscalls.c 8.6 (Berkeley) 2/14/95 | | 60 | * @(#)uipc_syscalls.c 8.6 (Berkeley) 2/14/95 |
61 | */ | | 61 | */ |
62 | | | 62 | |
63 | #include <sys/cdefs.h> | | 63 | #include <sys/cdefs.h> |
64 | __KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $"); | | 64 | __KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $"); |
65 | | | 65 | |
66 | #include "opt_pipe.h" | | 66 | #include "opt_pipe.h" |
67 | | | 67 | |
68 | #include <sys/param.h> | | 68 | #include <sys/param.h> |
69 | #include <sys/systm.h> | | 69 | #include <sys/systm.h> |
70 | #include <sys/filedesc.h> | | 70 | #include <sys/filedesc.h> |
71 | #include <sys/proc.h> | | 71 | #include <sys/proc.h> |
72 | #include <sys/file.h> | | 72 | #include <sys/file.h> |
73 | #include <sys/buf.h> | | 73 | #include <sys/buf.h> |
74 | #define MBUFTYPES | | 74 | #define MBUFTYPES |
75 | #include <sys/mbuf.h> | | 75 | #include <sys/mbuf.h> |
76 | #include <sys/protosw.h> | | 76 | #include <sys/protosw.h> |
77 | #include <sys/socket.h> | | 77 | #include <sys/socket.h> |
| @@ -1453,26 +1453,32 @@ sockargs(struct mbuf **mp, const void *b | | | @@ -1453,26 +1453,32 @@ sockargs(struct mbuf **mp, const void *b |
1453 | { | | 1453 | { |
1454 | struct sockaddr *sa; | | 1454 | struct sockaddr *sa; |
1455 | struct mbuf *m; | | 1455 | struct mbuf *m; |
1456 | int error; | | 1456 | int error; |
1457 | | | 1457 | |
1458 | /* | | 1458 | /* |
1459 | * We can't allow socket names > UCHAR_MAX in length, since that | | 1459 | * We can't allow socket names > UCHAR_MAX in length, since that |
1460 | * will overflow sa_len. Control data more than a page size in | | 1460 | * will overflow sa_len. Control data more than a page size in |
1461 | * length is just too much. | | 1461 | * length is just too much. |
1462 | */ | | 1462 | */ |
1463 | if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE)) | | 1463 | if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE)) |
1464 | return EINVAL; | | 1464 | return EINVAL; |
1465 | | | 1465 | |
| | | 1466 | /* |
| | | 1467 | * length must greater than sizeof(sa_family) + sizeof(sa_len) |
| | | 1468 | */ |
| | | 1469 | if (type == MT_SONAME && buflen <= 2) |
| | | 1470 | return EINVAL; |
| | | 1471 | |
1466 | /* Allocate an mbuf to hold the arguments. */ | | 1472 | /* Allocate an mbuf to hold the arguments. */ |
1467 | m = m_get(M_WAIT, type); | | 1473 | m = m_get(M_WAIT, type); |
1468 | /* can't claim. don't who to assign it to. */ | | 1474 | /* can't claim. don't who to assign it to. */ |
1469 | if (buflen > MLEN) { | | 1475 | if (buflen > MLEN) { |
1470 | /* | | 1476 | /* |
1471 | * Won't fit into a regular mbuf, so we allocate just | | 1477 | * Won't fit into a regular mbuf, so we allocate just |
1472 | * enough external storage to hold the argument. | | 1478 | * enough external storage to hold the argument. |
1473 | */ | | 1479 | */ |
1474 | MEXTMALLOC(m, buflen, M_WAITOK); | | 1480 | MEXTMALLOC(m, buflen, M_WAITOK); |
1475 | } | | 1481 | } |
1476 | m->m_len = buflen; | | 1482 | m->m_len = buflen; |
1477 | error = copyin(bf, mtod(m, void *), buflen); | | 1483 | error = copyin(bf, mtod(m, void *), buflen); |
1478 | if (error) { | | 1484 | if (error) { |