authorRich Felker <dalias@aerifal.cx>2012-07-12 21:37:54 -0400
committerRich Felker <dalias@aerifal.cx>2012-07-12 21:37:54 -0400
commit96107564e2eabbc13800fe7a7d930b67216d0805 (patch)
treec46507f195ab69f3ffacfdeca118e337e097849e
parent90e123f4a810d17c6bd8c2102939f6416481427e (diff)
workaround another sendmsg kernel bug on 64-bit machines
the kernel wrongly expects the cmsg length field to be size_t instead
of socklen_t. in order to work around the issue, we have to impose a
length limit and copy to a local buffer. the length limit should be
more than sufficient for any real-world use; these headers are only
used for passing file descriptors and permissions between processes
over unix sockets.
-rw-r--r--arch/arm/bits/socket.h7
-rw-r--r--arch/i386/bits/socket.h7
-rw-r--r--arch/mips/bits/socket.h7
-rw-r--r--arch/x86_64/bits/socket.h8
-rw-r--r--include/sys/socket.h7
-rw-r--r--src/network/sendmsg.c13
6 files changed, 42 insertions, 7 deletions
diff --git a/arch/arm/bits/socket.h b/arch/arm/bits/socket.h
index c464ed90..36febbc2 100644
--- a/arch/arm/bits/socket.h
+++ b/arch/arm/bits/socket.h
@@ -8,3 +8,10 @@ struct msghdr
 	socklen_t msg_controllen;
 	int msg_flags;
 };
+
+struct cmsghdr
+{
+	socklen_t cmsg_len;
+	int cmsg_level;
+	int cmsg_type;
+};
diff --git a/arch/i386/bits/socket.h b/arch/i386/bits/socket.h
index c464ed90..36febbc2 100644
--- a/arch/i386/bits/socket.h
+++ b/arch/i386/bits/socket.h
@@ -8,3 +8,10 @@ struct msghdr
 	socklen_t msg_controllen;
 	int msg_flags;
 };
+
+struct cmsghdr
+{
+	socklen_t cmsg_len;
+	int cmsg_level;
+	int cmsg_type;
+};
diff --git a/arch/mips/bits/socket.h b/arch/mips/bits/socket.h
index c464ed90..36febbc2 100644
--- a/arch/mips/bits/socket.h
+++ b/arch/mips/bits/socket.h
@@ -8,3 +8,10 @@ struct msghdr
 	socklen_t msg_controllen;
 	int msg_flags;
 };
+
+struct cmsghdr
+{
+	socklen_t cmsg_len;
+	int cmsg_level;
+	int cmsg_type;
+};
diff --git a/arch/x86_64/bits/socket.h b/arch/x86_64/bits/socket.h
index 878ab117..a90c4cae 100644
--- a/arch/x86_64/bits/socket.h
+++ b/arch/x86_64/bits/socket.h
@@ -8,3 +8,11 @@ struct msghdr
 	socklen_t msg_controllen, __pad2;
 	int msg_flags;
 };
+
+struct cmsghdr
+{
+	socklen_t cmsg_len;
+	int __pad1;
+	int cmsg_level;
+	int cmsg_type;
+};
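Review bot: `int __pad1;` in the new x86_64 `struct cmsghdr` carries no comment, and nothing in this header says it must be zero when the structure is handed to the kernel. Going by the commit message, the kernel reads `cmsg_len` as a 64-bit size_t, so on this little-endian target `__pad1` overlays the upper half of that field. A comment next to the member such as `/* upper 32 bits of the kernel's size_t cmsg_len; must be zero on send */` would record that. Within this commit only sendmsg() clears the field, so any other path that passes control headers to the kernel would presumably need the same treatment.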
diff --git a/include/sys/socket.h b/include/sys/socket.h
index 50de321b..88243ae5 100644
--- a/include/sys/socket.h
+++ b/include/sys/socket.h
@@ -17,13 +17,6 @@ extern "C" {
 
 #include <bits/socket.h>
 
-struct cmsghdr
-{
-	socklen_t cmsg_len;
-	int cmsg_level;
-	int cmsg_type;
-};
-
 struct ucred
 {
 	pid_t pid;
diff --git a/src/network/sendmsg.c b/src/network/sendmsg.c
index 164c28d7..5f080007 100644
--- a/src/network/sendmsg.c
+++ b/src/network/sendmsg.c
@@ -1,5 +1,7 @@
 #include <sys/socket.h>
 #include <limits.h>
+#include <string.h>
+#include <errno.h>
 #include "syscall.h"
 #include "libc.h"
 
@@ -7,10 +9,21 @@ ssize_t sendmsg(int fd, const struct msghdr *msg, int flags)
 {
 #if LONG_MAX > INT_MAX
 	struct msghdr h;
+	struct cmsghdr chbuf[1024/sizeof(struct cmsghdr)+1], *c;
 	if (msg) {
 		h = *msg;
 		h.__pad1 = h.__pad2 = 0;
 		msg = &h;
+		if (h.msg_controllen) {
+			if (h.msg_controllen > 1024) {
+				errno = ENOMEM;
+				return -1;
+			}
+			memcpy(chbuf, h.msg_control, h.msg_controllen);
+			h.msg_control = chbuf;
+			for (c=CMSG_FIRSTHDR(&h); c; c=CMSG_NXTHDR(&h,c))
+				c->__pad1 = 0;
+		}
 	}
 #endif
 	return socketcall_cp(sendmsg, fd, msg, flags, 0, 0, 0);
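Review bot: The loop that clears `c->__pad1` walks the copied control buffer using caller-supplied `cmsg_len` values, so its bounds safety rests entirely on `CMSG_FIRSTHDR`/`CMSG_NXTHDR`, which are defined outside this diff. It is worth confirming that they yield NULL for a `cmsg_len` smaller than `sizeof(struct cmsghdr)` and for a header that would extend past `msg_controllen`; otherwise a malformed length could keep the walk from terminating or place the write outside `chbuf`. Separately, `memcpy(chbuf, h.msg_control, h.msg_controllen)` now dereferences the caller's pointer in user space, so a bad `msg_control` faults the process where the kernel would presumably have returned EFAULT. The literal 1024 appears in both the array size and the limit check; a named constant with a comment such as `/* max control data copied for the 64-bit cmsg_len workaround */` would keep the two in step. The closing brace of sendmsg lies outside the hunk.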