From 96107564e2eabbc13800fe7a7d930b67216d0805 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Thu, 12 Jul 2012 21:37:54 -0400 Subject: workaround another sendmsg kernel bug on 64-bit machines the kernel wrongly expects the cmsg length field to be size_t instead of socklen_t. in order to work around the issue, we have to impose a length limit and copy to a local buffer. the length limit should be more than sufficient for any real-world use; these headers are only used for passing file descriptors and permissions between processes over unix sockets. --- src/network/sendmsg.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'src/network') diff --git a/src/network/sendmsg.c b/src/network/sendmsg.c index 164c28d7..5f080007 100644 --- a/src/network/sendmsg.c +++ b/src/network/sendmsg.c @@ -1,5 +1,7 @@ #include #include +#include +#include #include "syscall.h" #include "libc.h" @@ -7,10 +9,21 @@ ssize_t sendmsg(int fd, const struct msghdr *msg, int flags) { #if LONG_MAX > INT_MAX struct msghdr h; + struct cmsghdr chbuf[1024/sizeof(struct cmsghdr)+1], *c; if (msg) { h = *msg; h.__pad1 = h.__pad2 = 0; msg = &h; + if (h.msg_controllen) { + if (h.msg_controllen > 1024) { + errno = ENOMEM; + return -1; + } + memcpy(chbuf, h.msg_control, h.msg_controllen); + h.msg_control = chbuf; + for (c=CMSG_FIRSTHDR(&h); c; c=CMSG_NXTHDR(&h,c)) + c->__pad1 = 0; + } } #endif return socketcall_cp(sendmsg, fd, msg, flags, 0, 0, 0); -- cgit v1.2.1