the kernel wrongly expects the cmsg length field to be size_t instead
of socklen_t. in order to work around the issue, we have to impose a
length limit and copy to a local buffer. the length limit should be
more than sufficient for any real-world use; these headers are only
used for passing file descriptors and permissions between processes
over unix sockets.
socklen_t msg_controllen;
int msg_flags;
};
+
+struct cmsghdr
+{
+ socklen_t cmsg_len;
+ int cmsg_level;
+ int cmsg_type;
+};
socklen_t msg_controllen;
int msg_flags;
};
+
+struct cmsghdr
+{
+ socklen_t cmsg_len;
+ int cmsg_level;
+ int cmsg_type;
+};
socklen_t msg_controllen;
int msg_flags;
};
+
+struct cmsghdr
+{
+ socklen_t cmsg_len;
+ int cmsg_level;
+ int cmsg_type;
+};
socklen_t msg_controllen, __pad2;
int msg_flags;
};
+
+struct cmsghdr
+{
+ socklen_t cmsg_len;
+ int __pad1;
+ int cmsg_level;
+ int cmsg_type;
+};
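Review bot: The `int __pad1;` member added in this hunk carries no comment explaining why it exists, even though it is the point of the layout change — the commit description says the kernel reads `cmsg_len` as a `size_t`, so the extra 32 bits must be present in the struct (and zeroed by the sender) for the kernel to see the intended length. A one-line comment next to the member, e.g. `/* kernel treats cmsg_len as size_t; must be zero on send */`, would spare the next reader a trip to the commit log. The neighbouring `__pad2` on `msghdr` in the context at the top of the hunk would benefit from the same treatment if it lacks one.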
#include <bits/socket.h>
-struct cmsghdr
-{
- socklen_t cmsg_len;
- int cmsg_level;
- int cmsg_type;
-};
-
struct ucred
{
pid_t pid;
#include <sys/socket.h>
#include <limits.h>
+#include <string.h>
+#include <errno.h>
#include "syscall.h"
#include "libc.h"
{
#if LONG_MAX > INT_MAX
struct msghdr h;
+ struct cmsghdr chbuf[1024/sizeof(struct cmsghdr)+1], *c;
if (msg) {
h = *msg;
h.__pad1 = h.__pad2 = 0;
msg = &h;
+ if (h.msg_controllen) {
+ if (h.msg_controllen > 1024) {
+ errno = ENOMEM;
+ return -1;
+ }
+ memcpy(chbuf, h.msg_control, h.msg_controllen);
+ h.msg_control = chbuf;
+ for (c=CMSG_FIRSTHDR(&h); c; c=CMSG_NXTHDR(&h,c))
+ c->__pad1 = 0;
+ }
}
#endif
return socketcall_cp(sendmsg, fd, msg, flags, 0, 0, 0);
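Review bot: The control-message size cap is written as the bare literal `1024` twice in the new code — in the `chbuf` array dimension and again in the `h.msg_controllen > 1024` check — so the two can silently drift apart if one is edited; name it once, e.g. `enum { CMSG_COPY_MAX = 1024 };` (constructed name), and use it in both places. The `CMSG_FIRSTHDR`/`CMSG_NXTHDR` walk that zeroes `c->__pad1` follows caller-supplied `cmsg_len` values inside the local copy; if `CMSG_NXTHDR` does not bound the next header against `msg_controllen`, an inconsistent `cmsg_len` would place that write outside `chbuf`, so it is worth confirming the macro returns NULL for a header that does not fit in the remaining length. The `memcpy` also dereferences `h.msg_control` in userspace before the kernel sees it, so a caller passing a NULL `msg_control` with a nonzero `msg_controllen` now gets undefined behaviour instead of the EFAULT the syscall would have returned. The enclosing `sendmsg` signature begins outside the hunk.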