diff options
author | davide <davide@FreeBSD.org> | 2014-08-20 17:26:05 +0000 |
---|---|---|
committer | davide <davide@FreeBSD.org> | 2014-08-20 17:26:05 +0000 |
commit | 4c6c2c8b89f4687abb454f6a29001367f7125cf1 (patch) | |
tree | 519247960cea18077cea086b7a803cc430468ef2 | |
parent | c044c8f131adcc319c9be0d332b946af98191c62 (diff) | |
download | FreeBSD-src-4c6c2c8b89f4687abb454f6a29001367f7125cf1.zip FreeBSD-src-4c6c2c8b89f4687abb454f6a29001367f7125cf1.tar.gz |
MFC r269502:
Fix an overflow in getsockopt(). optval isn't big enough to hold
sbintime_t.
Re-introduce r255030 behaviour capping socket timeouts to INT_32
if they're too large.
-rw-r--r-- | sys/kern/uipc_socket.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 9b5e342..6cb446a 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -2548,8 +2548,10 @@ sosetopt(struct socket *so, struct sockopt *sopt) error = EDOM; goto bad; } - val = tvtosbt(tv); - + if (tv.tv_sec > INT32_MAX) + val = SBT_MAX; + else + val = tvtosbt(tv); switch (sopt->sopt_name) { case SO_SNDTIMEO: so->so_snd.sb_timeo = val; @@ -2699,10 +2701,8 @@ integer: case SO_SNDTIMEO: case SO_RCVTIMEO: - optval = (sopt->sopt_name == SO_SNDTIMEO ? - so->so_snd.sb_timeo : so->so_rcv.sb_timeo); - - tv = sbttotv(optval); + tv = sbttotv(sopt->sopt_name == SO_SNDTIMEO ? + so->so_snd.sb_timeo : so->so_rcv.sb_timeo); #ifdef COMPAT_FREEBSD32 if (SV_CURPROC_FLAG(SV_ILP32)) { struct timeval32 tv32; |