From 417693c81357ae1110479329847a2066e672e252 Mon Sep 17 00:00:00 2001
From: truckman <truckman@FreeBSD.org>
Date: Sat, 10 Jan 2004 08:28:54 +0000
Subject: Add a somewhat redundant check on the len arguement to getsockaddr()
 to avoid relying on the minimum memory allocation size to avoid problems. The
 check is somewhat redundant because the consumers of the returned structure
 will check that sa_len is a protocol-specific larger size.

Submitted by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	nectar
MFC after:	30 days
---
 sys/kern/uipc_syscalls.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index b5c500a..2b6599c 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1607,6 +1607,8 @@ getsockaddr(namp, uaddr, len)
 
 	if (len > SOCK_MAXADDRLEN)
 		return ENAMETOOLONG;
+	if (len < offsetof(struct sockaddr, sa_data[0]))
+		return EINVAL;
 	MALLOC(sa, struct sockaddr *, len, M_SONAME, M_WAITOK);
 	error = copyin(uaddr, sa, len);
 	if (error) {
-- 
cgit v1.1