diff options
| author | rrs <rrs@FreeBSD.org> | 2007-06-11 21:05:29 +0000 |
|---|---|---|
| committer | rrs <rrs@FreeBSD.org> | 2007-06-11 21:05:29 +0000 |
| commit | 00f8f869d583e6b882bb62e264ccfbf15dfba7b6 (patch) | |
| tree | 77931ad69b1cf3d2bb378f9cce503c00ef844327 /lib | |
| parent | b99cd15f4c4eb9bc656c01ac732821ae19ba6a12 (diff) | |
| download | FreeBSD-src-00f8f869d583e6b882bb62e264ccfbf15dfba7b6.zip FreeBSD-src-00f8f869d583e6b882bb62e264ccfbf15dfba7b6.tar.gz | |
- Validate incoming addresses and sizes for connectx and bindx.
- For non-sys call version pass the msg_flags.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/net/sctp_sys_calls.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/libc/net/sctp_sys_calls.c b/lib/libc/net/sctp_sys_calls.c index f1fdbde..18f39c1 100644 --- a/lib/libc/net/sctp_sys_calls.c +++ b/lib/libc/net/sctp_sys_calls.c @@ -1,7 +1,7 @@ /* $KAME: sctp_sys_calls.c,v 1.9 2004/08/17 06:08:53 itojun Exp $ */ /* - * Copyright (C) 2002-2006 Cisco Systems Inc, + * Copyright (C) 2002-2007 Cisco Systems Inc, * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -164,15 +164,21 @@ sctp_getaddrlen(sa_family_t family) } int -sctp_connectx(int sd, const struct sockaddr *addrs, int addrcnt, sctp_assoc_t * id) +sctp_connectx(int sd, const struct sockaddr *addrs, int addrcnt, + sctp_assoc_t * id) { char buf[SCTP_STACK_BUF_SIZE]; int i, ret, cnt, *aa; char *cpto; const struct sockaddr *at; - size_t len = sizeof(int); sctp_assoc_t *p_id; + size_t len = sizeof(int); + /* validate the address count and list */ + if ((addrs == NULL) || (addrcnt <= 0)) { + errno = EINVAL; + return (-1); + } at = addrs; cnt = 0; cpto = ((caddr_t)buf + sizeof(int)); @@ -227,11 +233,17 @@ sctp_bindx(int sd, struct sockaddr *addrs, int addrcnt, int flags) struct sockaddr *sa; int i, sz, fam, argsz; + /* validate the flags */ if ((flags != SCTP_BINDX_ADD_ADDR) && (flags != SCTP_BINDX_REM_ADDR)) { errno = EFAULT; return (-1); } + /* validate the address count and list */ + if ((addrcnt <= 0) || (addrs == NULL)) { + errno = EINVAL; + return (-1); + } argsz = (sizeof(struct sockaddr_storage) + sizeof(struct sctp_getaddresses)); gaddrs = (struct sctp_getaddresses *)calloc(1, argsz); @@ -709,7 +721,6 @@ sctp_recvmsg(int s, struct sctp_sndrcvinfo *sinfo, int *msg_flags) { - #ifdef SYS_sctp_generic_recvmsg struct iovec iov[SCTP_SMALL_IOVEC_SIZE]; @@ -745,7 +756,7 @@ sctp_recvmsg(int s, msg.msg_control = (caddr_t)controlVector; msg.msg_controllen = sizeof(controlVector); errno = 0; - sz = recvmsg(s, &msg, 0); + sz = recvmsg(s, &msg, *msg_flags); if (sz <= 0) return (sz); |
