diff options
author | ngie <ngie@FreeBSD.org> | 2017-05-29 06:26:00 +0000 |
---|---|---|
committer | ngie <ngie@FreeBSD.org> | 2017-05-29 06:26:00 +0000 |
commit | 9db152733a8d4cd06cdc4dfd84c7f9fe4b6386b7 (patch) | |
tree | 43a9776f9a4e065c07d861617de1c9de72f17a70 | |
parent | c3f62e31649791ac4f3661d59b9d52155addca27 (diff) | |
download | FreeBSD-src-9db152733a8d4cd06cdc4dfd84c7f9fe4b6386b7.zip FreeBSD-src-9db152733a8d4cd06cdc4dfd84c7f9fe4b6386b7.tar.gz |
MFC r316179,r316180,r316181,r316260:
r316179 (by cem):
t_msgsnd: Use msgsnd()'s msgsz argument correctly to avoid overflow
msgsnd's msgsz argument is the size of the message following the 'long'
message type. Don't include the message type in the size of the message
when invoking msgsnd(2).
CID: 1368712
r316180 (by cem):
Follow-up to r316179: More of the same
CIDs: 1368705, 1368706, 1368707, 1368710
r316181 (by cem):
t_msgctl: Fix the same msgsnd() misuse as t_msgsnd
msgsnd(2)'s msgsz argument does not describe the full structure, only the
message component.
CIDs: 1368703, 1368711
r316260:
Annotate all changes made in r316178-r316180 with __FreeBSD__
Restore the stock (upstream) code under an #else block, so it's easier
for me to visualize and understand the code that needs to be upstreamed.
-rw-r--r-- | contrib/netbsd-tests/lib/libc/sys/t_msgctl.c | 8 | ||||
-rw-r--r-- | contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c | 28 |
2 files changed, 36 insertions, 0 deletions
diff --git a/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c b/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c index 9f99980..4c145cc 100644 --- a/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c +++ b/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c @@ -203,7 +203,11 @@ ATF_TC_BODY(msgctl_pid, tc) if (pid == 0) { +#ifdef __FreeBSD__ + (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif _exit(EXIT_SUCCESS); } @@ -314,7 +318,11 @@ ATF_TC_BODY(msgctl_time, tc) t = time(NULL); (void)memset(&msgds, 0, sizeof(struct msqid_ds)); +#ifdef __FreeBSD__ + (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif (void)msgctl(id, IPC_STAT, &msgds); if (llabs(t - msgds.msg_stime) > 1) diff --git a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c index 5988821..562602a 100644 --- a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c +++ b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c @@ -98,7 +98,11 @@ ATF_TC_BODY(msgsnd_block, tc) */ for (;;) { +#ifdef __FreeBSD__ + if (msgsnd(id, &msg, sizeof(msg.buf), 0) < 0) +#else if (msgsnd(id, &msg, sizeof(struct msg), 0) < 0) +#endif _exit(EXIT_FAILURE); } } @@ -140,7 +144,11 @@ ATF_TC_BODY(msgsnd_count, tc) for (;;) { errno = 0; +#ifdef __FreeBSD__ + rv = msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else rv = msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif if (rv == 0) { i++; @@ -184,12 +192,20 @@ ATF_TC_BODY(msgsnd_err, tc) errno = 0; ATF_REQUIRE_ERRNO(EFAULT, msgsnd(id, (void *)-1, +#ifdef __FreeBSD__ + sizeof(msg.buf), IPC_NOWAIT) == -1); +#else sizeof(struct msg), IPC_NOWAIT) == -1); +#endif errno = 0; ATF_REQUIRE_ERRNO(EINVAL, msgsnd(-1, &msg, +#ifdef __FreeBSD__ + sizeof(msg.buf), IPC_NOWAIT) == -1); +#else sizeof(struct msg), IPC_NOWAIT) == -1); +#endif errno = 0; @@ -200,7 +216,11 @@ ATF_TC_BODY(msgsnd_err, tc) msg.mtype = 0; ATF_REQUIRE_ERRNO(EINVAL, msgsnd(id, &msg, +#ifdef __FreeBSD__ + sizeof(msg.buf), IPC_NOWAIT) == -1); +#else sizeof(struct msg), IPC_NOWAIT) == -1); +#endif ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0); } @@ -234,7 +254,11 @@ ATF_TC_BODY(msgsnd_nonblock, tc) for (;;) { errno = 0; +#ifdef __FreeBSD__ + rv = msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else rv = msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif if (rv == -1 && errno == EAGAIN) _exit(EXIT_SUCCESS); @@ -299,7 +323,11 @@ ATF_TC_BODY(msgsnd_perm, tc) errno = 0; +#ifdef __FreeBSD__ + if (msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT) == 0) +#else if (msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT) == 0) +#endif _exit(EXIT_FAILURE); if (errno != EACCES) |