Attachment 45889 Details for Bug 73802 – cmsg-compat-signedness-fix

[patch] cmsg-compat-signedness-fix

cmsg-compat-signedness-fix (text/plain), 5.24 KB, created by Sune Kloppenborg Jeppesen (RETIRED) on 2004-12-13 02:35:58 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sune Kloppenborg Jeppesen (RETIRED)

Created: 2004-12-13 02:35:58 UTC

Size: 5.24 KB

patch

obsolete

>CMSG compat code needs signedness fixes too.
>
>Index: linux-2.4.21/arch/ia64/ia32/sys_ia32.c
>===================================================================
>--- linux-2.4.21.orig/arch/ia64/ia32/sys_ia32.c	2004-12-09 15:49:20.000000000 +0100
>+++ linux-2.4.21/arch/ia64/ia32/sys_ia32.c	2004-12-09 16:08:40.000000000 +0100
>@@ -1330,6 +1330,11 @@ struct cmsghdr32 {
> #define __CMSG32_FIRSTHDR(ctl,len) \
> 	((len) >= sizeof(struct cmsghdr32) ? (struct cmsghdr32 *)(ctl) : (struct cmsghdr32 *)NULL)
> #define CMSG32_FIRSTHDR(msg)	__CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
>+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
>+	   ((ucmlen) >= sizeof(struct cmsghdr) && \
>+	    (ucmlen) <= (unsigned long) \
>+	    ((mhdr)->msg_controllen - \
>+	     ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
> 
> static inline struct cmsghdr32 *
> __cmsg32_nxthdr (void *ctl, __kernel_size_t size, struct cmsghdr32 *cmsg, int cmsg_len)
>@@ -1390,10 +1395,7 @@ get_cmsghdr32 (struct msghdr *kmsg, unsi
> 			return -EFAULT;
> 
> 		/* Catch bogons. */
>-		if (CMSG32_ALIGN(ucmlen) < CMSG32_ALIGN(sizeof(struct cmsghdr32)))
>-			return -EINVAL;
>-		if ((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) + ucmlen)
>-		    > kmsg->msg_controllen)
>+		if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
> 			return -EINVAL;
> 
> 		tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
>Index: linux-2.4.21/arch/ppc64/kernel/sys_ppc32.c
>===================================================================
>--- linux-2.4.21.orig/arch/ppc64/kernel/sys_ppc32.c	2004-12-09 15:49:40.000000000 +0100
>+++ linux-2.4.21/arch/ppc64/kernel/sys_ppc32.c	2004-12-09 16:10:12.000000000 +0100
>@@ -3308,6 +3308,11 @@ asmlinkage long sys32_setsockopt(int fd,
> 				    (struct cmsghdr32 *)(ctl) : \
> 				    (struct cmsghdr32 *)NULL)
> #define CMSG32_FIRSTHDR(msg)	__CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
>+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
>+	   ((ucmlen) >= sizeof(struct cmsghdr) && \
>+	    (ucmlen) <= (unsigned long) \
>+	    ((mhdr)->msg_controllen - \
>+	     ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
> 
> struct msghdr32
> {
>@@ -3483,11 +3488,7 @@ static int cmsghdr_from_user32_to_kern(s
> 			return -EFAULT;
> 
> 		/* Catch bogons. */
>-		if(CMSG32_ALIGN(ucmlen) <
>-		   CMSG32_ALIGN(sizeof(struct cmsghdr32)))
>-			return -EINVAL;
>-		if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
>-				   + ucmlen) > kmsg->msg_controllen)
>+		if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
> 			return -EINVAL;
> 
> 		tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
>Index: linux-2.4.21/arch/s390x/kernel/linux32.c
>===================================================================
>--- linux-2.4.21.orig/arch/s390x/kernel/linux32.c	2004-12-09 15:49:59.000000000 +0100
>+++ linux-2.4.21/arch/s390x/kernel/linux32.c	2004-12-09 16:09:32.000000000 +0100
>@@ -2333,6 +2333,11 @@ struct cmsghdr32 {
> 				    (struct cmsghdr32 *)(ctl) : \
> 				    (struct cmsghdr32 *)NULL)
> #define CMSG32_FIRSTHDR(msg)	__CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
>+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
>+	   ((ucmlen) >= sizeof(struct cmsghdr) && \
>+	    (ucmlen) <= (unsigned long) \
>+	    ((mhdr)->msg_controllen - \
>+	     ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
> 
> __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
> 					      struct cmsghdr32 *__cmsg, int __cmsg_len)
>@@ -2459,11 +2464,7 @@ static int cmsghdr_from_user32_to_kern(s
> 			return -EFAULT;
> 
> 		/* Catch bogons. */
>-		if(CMSG32_ALIGN(ucmlen) <
>-		   CMSG32_ALIGN(sizeof(struct cmsghdr32)))
>-			return -EINVAL;
>-		if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
>-				   + ucmlen) > kmsg->msg_controllen)
>+		if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
> 			return -EINVAL;
> 
> 		tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
>Index: linux-2.4.21/arch/x86_64/ia32/socket32.c
>===================================================================
>--- linux-2.4.21.orig/arch/x86_64/ia32/socket32.c	2004-12-09 15:48:53.000000000 +0100
>+++ linux-2.4.21/arch/x86_64/ia32/socket32.c	2004-12-09 15:57:52.000000000 +0100
>@@ -136,11 +136,7 @@ static int cmsghdr_from_user32_to_kern(s
> 			return -EFAULT;
> 
> 		/* Catch bogons. */
>-		if(CMSG32_ALIGN(ucmlen) <
>-		   CMSG32_ALIGN(sizeof(struct cmsghdr32)))
>-			return -EINVAL;
>-		if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
>-				   + ucmlen) > kmsg->msg_controllen)
>+		if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
> 			return -EINVAL;
> 		if (kmsg->msg_controllen > 65536) 
> 			return -EINVAL;
>Index: linux-2.4.21/include/asm-x86_64/socket32.h
>===================================================================
>--- linux-2.4.21.orig/include/asm-x86_64/socket32.h	2002-11-29 00:53:15.000000000 +0100
>+++ linux-2.4.21/include/asm-x86_64/socket32.h	2004-12-09 15:56:52.000000000 +0100
>@@ -45,6 +45,11 @@ struct cmsghdr32 {
> 				    (struct cmsghdr32 *)(ctl) : \
> 				    (struct cmsghdr32 *)NULL)
> #define CMSG32_FIRSTHDR(msg)	__CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
>+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
>+				   ((ucmlen) >= sizeof(struct cmsghdr) && \
>+				    (ucmlen) <= (unsigned long) \
>+				    ((mhdr)->msg_controllen - \
>+				     ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
> 
> __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
> 					      struct cmsghdr32 *__cmsg, int __cmsg_len)

Actions: View | Diff

Attachments on bug 73802: 45889