mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-15 21:30:43 +00:00
8920e8f94c
When we copy 32bit ->msg_control contents to kernel, we walk the same userland data twice without sanity checks on the second pass. Second version of this patch: the original broke with 64-bit arches running 32-bit-compat-mode executables doing sendmsg() syscalls with unaligned CMSG data areas Another thing is that we use kmalloc() to allocate and sock_kfree_s() to free afterwards; less serious, but also needs fixing. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
40 lines
1.2 KiB
C
40 lines
1.2 KiB
C
#ifndef NET_COMPAT_H
|
|
#define NET_COMPAT_H
|
|
|
|
#include <linux/config.h>
|
|
|
|
#if defined(CONFIG_COMPAT)
|
|
|
|
#include <linux/compat.h>
|
|
|
|
struct compat_msghdr {
|
|
compat_uptr_t msg_name; /* void * */
|
|
compat_int_t msg_namelen;
|
|
compat_uptr_t msg_iov; /* struct compat_iovec * */
|
|
compat_size_t msg_iovlen;
|
|
compat_uptr_t msg_control; /* void * */
|
|
compat_size_t msg_controllen;
|
|
compat_uint_t msg_flags;
|
|
};
|
|
|
|
struct compat_cmsghdr {
|
|
compat_size_t cmsg_len;
|
|
compat_int_t cmsg_level;
|
|
compat_int_t cmsg_type;
|
|
};
|
|
|
|
#else /* defined(CONFIG_COMPAT) */
|
|
#define compat_msghdr msghdr /* to avoid compiler warnings */
|
|
#endif /* defined(CONFIG_COMPAT) */
|
|
|
|
extern int get_compat_msghdr(struct msghdr *, struct compat_msghdr __user *);
|
|
extern int verify_compat_iovec(struct msghdr *, struct iovec *, char *, int);
|
|
extern asmlinkage long compat_sys_sendmsg(int,struct compat_msghdr __user *,unsigned);
|
|
extern asmlinkage long compat_sys_recvmsg(int,struct compat_msghdr __user *,unsigned);
|
|
extern asmlinkage long compat_sys_getsockopt(int, int, int, char __user *, int __user *);
|
|
extern int put_cmsg_compat(struct msghdr*, int, int, int, void *);
|
|
extern int cmsghdr_from_user_compat_to_kern(struct msghdr *, struct sock *, unsigned char *,
|
|
int);
|
|
|
|
#endif /* NET_COMPAT_H */
|