diff options
| -rw-r--r-- | include/sys/sem.h | 10 | ||||
| -rw-r--r-- | src/ipc/semget.c | 7 |
2 files changed, 16 insertions, 1 deletions
diff --git a/include/sys/sem.h b/include/sys/sem.h index cc3a3e63..e74ea208 100644 --- a/include/sys/sem.h +++ b/include/sys/sem.h @@ -25,13 +25,21 @@ extern "C" { #define SETVAL 16 #define SETALL 17 +#include <endian.h> + struct semid_ds { struct ipc_perm sem_perm; long sem_otime; unsigned long __unused1; long sem_ctime; unsigned long __unused2; - unsigned long sem_nsems; +#if __BYTE_ORDER == __LITTLE_ENDIAN + unsigned short sem_nsems; + char __sem_nsems_pad[sizeof(long)-sizeof(short)]; +#else + char __sem_nsems_pad[sizeof(long)-sizeof(short)]; + unsigned short sem_nsems; +#endif unsigned long __unused3; unsigned long __unused4; }; diff --git a/src/ipc/semget.c b/src/ipc/semget.c index 5f110e3b..c4a559db 100644 --- a/src/ipc/semget.c +++ b/src/ipc/semget.c @@ -1,9 +1,16 @@ #include <sys/sem.h> +#include <limits.h> +#include <errno.h> #include "syscall.h" #include "ipc.h" int semget(key_t key, int n, int fl) { + /* The kernel uses the wrong type for the sem_nsems member + * of struct semid_ds, and thus might not check that the + * n fits in the correct (per POSIX) userspace type, so + * we have to check here. */ + if (n > USHRT_MAX) return __syscall_ret(-EINVAL); #ifdef SYS_semget return syscall(SYS_semget, key, n, fl); #else |