mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-21 11:13:30 +00:00
Code Issues Releases Activity

Validate that user supplied control message length is not negative.

Browse Source 
Submitted by:	C Turt <cturt hardenedbsd.org>
Security:	SA-16:19
Security:	CVE-2016-1887
This commit is contained in:
Gleb Smirnoff 2016-05-17 22:28:53 +00:00
parent c9d2719027
commit 7349ea785c
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=300090
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/kern/uipc_syscalls.c
View File

@ -1699,6 +1699,9 @@ sockargs(mp, buf, buflen, type)
struct mbuf *m;
int error;
if (buflen < 0)
return (EINVAL);
if (buflen > MLEN) {
#ifdef COMPAT_OLDSOCK
if (type == MT_SONAME && buflen <= 112)