MFC r316179,r316180,r316181,r316260:

r316179 (by cem):

t_msgsnd: Use msgsnd()'s msgsz argument correctly to avoid overflow

msgsnd's msgsz argument is the size of the message following the 'long'
message type.  Don't include the message type in the size of the message
when invoking msgsnd(2).

CID:		1368712

r316180 (by cem):

Follow-up to r316179: More of the same

CIDs:		1368705, 1368706, 1368707, 1368710

r316181 (by cem):

t_msgctl: Fix the same msgsnd() misuse as t_msgsnd

msgsnd(2)'s msgsz argument does not describe the full structure, only the
message component.

CIDs:		1368703, 1368711

r316260:

Annotate all changes made in r316178-r316180 with __FreeBSD__

Restore the stock (upstream) code under an #else block, so it's easier
for me to visualize and understand the code that needs to be upstreamed.

2 files changed, 36 insertions, 0 deletions

diff --git a/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c b/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c
index 9f99980..4c145cc 100644
--- a/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c
+++ b/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c
@@ -203,7 +203,11 @@ ATF_TC_BODY(msgctl_pid, tc)
 
 	if (pid == 0) {
 
+#ifdef	__FreeBSD__
+		(void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT);
+#else
 		(void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
+#endif
 
 		_exit(EXIT_SUCCESS);
 	}
@@ -314,7 +318,11 @@ ATF_TC_BODY(msgctl_time, tc)
 	t = time(NULL);
 
 	(void)memset(&msgds, 0, sizeof(struct msqid_ds));
+#ifdef	__FreeBSD__
+	(void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT);
+#else
 	(void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
+#endif
 	(void)msgctl(id, IPC_STAT, &msgds);
 
 	if (llabs(t - msgds.msg_stime) > 1)
diff --git a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c
index 5988821..562602a 100644
--- a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c
+++ b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c
@@ -98,7 +98,11 @@ ATF_TC_BODY(msgsnd_block, tc)
 		 */
 		for (;;) {
 
+#ifdef __FreeBSD__
+			if (msgsnd(id, &msg, sizeof(msg.buf), 0) < 0)
+#else
 			if (msgsnd(id, &msg, sizeof(struct msg), 0) < 0)
+#endif
 				_exit(EXIT_FAILURE);
 		}
 	}
@@ -140,7 +144,11 @@ ATF_TC_BODY(msgsnd_count, tc)
 	for (;;) {
 
 		errno = 0;
+#ifdef	__FreeBSD__
+		rv = msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT);
+#else
 		rv = msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
+#endif
 
 		if (rv == 0) {
 			i++;
@@ -184,12 +192,20 @@ ATF_TC_BODY(msgsnd_err, tc)
 	errno = 0;
 
 	ATF_REQUIRE_ERRNO(EFAULT, msgsnd(id, (void *)-1,
+#ifdef	__FreeBSD__
+		sizeof(msg.buf), IPC_NOWAIT) == -1);
+#else
 		sizeof(struct msg), IPC_NOWAIT) == -1);
+#endif
 
 	errno = 0;
 
 	ATF_REQUIRE_ERRNO(EINVAL, msgsnd(-1, &msg,
+#ifdef	__FreeBSD__
+		sizeof(msg.buf), IPC_NOWAIT) == -1);
+#else
 		sizeof(struct msg), IPC_NOWAIT) == -1);
+#endif
 
 	errno = 0;
 
@@ -200,7 +216,11 @@ ATF_TC_BODY(msgsnd_err, tc)
 	msg.mtype = 0;
 
 	ATF_REQUIRE_ERRNO(EINVAL, msgsnd(id, &msg,
+#ifdef	__FreeBSD__
+		sizeof(msg.buf), IPC_NOWAIT) == -1);
+#else
 		sizeof(struct msg), IPC_NOWAIT) == -1);
+#endif
 
 	ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
 }
@@ -234,7 +254,11 @@ ATF_TC_BODY(msgsnd_nonblock, tc)
 		for (;;) {
 
 			errno = 0;
+#ifdef	__FreeBSD__
+			rv = msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT);
+#else
 			rv = msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
+#endif
 
 			if (rv == -1 && errno == EAGAIN)
 				_exit(EXIT_SUCCESS);
@@ -299,7 +323,11 @@ ATF_TC_BODY(msgsnd_perm, tc)
 
 		errno = 0;
 
+#ifdef	__FreeBSD__
+		if (msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT) == 0)
+#else
 		if (msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT) == 0)
+#endif
 			_exit(EXIT_FAILURE);
 
 		if (errno != EACCES)