Fri Mar 6 03:35:00 2015 UTC ()
Return EINVAL if namelen isn't large enough to encompass the expected
members of sockaddr structures. i.e. sa_len and sa_family.

Discussed with and patch by christos@


(rtr)
diff -r1.173 -r1.174 src/sys/kern/uipc_syscalls.c

--- src/sys/kern/uipc_syscalls.c 2014/09/05 09:20:59 1.173
+++ src/sys/kern/uipc_syscalls.c 2015/03/06 03:35:00 1.174
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $	*/
+/*	$NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $	*/
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.173 2014/09/05 09:20:59 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.174 2015/03/06 03:35:00 rtr Exp $");
 
 #include "opt_pipe.h"
 
@@ -1461,6 +1461,12 @@
 	 * length is just too much.
 	 */
 	if (buflen > (type == MT_SONAME ? UCHAR_MAX : PAGE_SIZE))
+		return EINVAL;
+
+	/*
+	 * length must greater than sizeof(sa_family) + sizeof(sa_len)
+	 */
+	if (type == MT_SONAME && buflen <= 2)
 		return EINVAL;
 
 	/* Allocate an mbuf to hold the arguments. */
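Review bot: The new MT_SONAME guard compares `buflen` against a bare `2` with `<=`, so a name that covers exactly sa_len and sa_family is rejected as well. The added comment says the length must be greater than those two fields, while the commit message only asks that it be large enough to encompass them, which reads like `<`. If rejecting a header-only name is intended, say so in the comment and tie the bound to the structure layout rather than a literal, for example `if (type == MT_SONAME && buflen <= offsetof(struct sockaddr, sa_data))`. The comment would read better as `/* name must extend past sa_len and sa_family */`. The enclosing function begins and ends outside this hunk, so I could not check how the later code reads those fields from the copied buffer.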