From 9db152733a8d4cd06cdc4dfd84c7f9fe4b6386b7 Mon Sep 17 00:00:00 2001 From: ngie Date: Mon, 29 May 2017 06:26:00 +0000 Subject: MFC r316179,r316180,r316181,r316260: r316179 (by cem): t_msgsnd: Use msgsnd()'s msgsz argument correctly to avoid overflow msgsnd's msgsz argument is the size of the message following the 'long' message type. Don't include the message type in the size of the message when invoking msgsnd(2). CID: 1368712 r316180 (by cem): Follow-up to r316179: More of the same CIDs: 1368705, 1368706, 1368707, 1368710 r316181 (by cem): t_msgctl: Fix the same msgsnd() misuse as t_msgsnd msgsnd(2)'s msgsz argument does not describe the full structure, only the message component. CIDs: 1368703, 1368711 r316260: Annotate all changes made in r316178-r316180 with __FreeBSD__ Restore the stock (upstream) code under an #else block, so it's easier for me to visualize and understand the code that needs to be upstreamed. --- contrib/netbsd-tests/lib/libc/sys/t_msgctl.c | 8 ++++++++ contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c b/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c index 9f99980..4c145cc 100644 --- a/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c +++ b/contrib/netbsd-tests/lib/libc/sys/t_msgctl.c @@ -203,7 +203,11 @@ ATF_TC_BODY(msgctl_pid, tc) if (pid == 0) { +#ifdef __FreeBSD__ + (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif _exit(EXIT_SUCCESS); } @@ -314,7 +318,11 @@ ATF_TC_BODY(msgctl_time, tc) t = time(NULL); (void)memset(&msgds, 0, sizeof(struct msqid_ds)); +#ifdef __FreeBSD__ + (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif (void)msgctl(id, IPC_STAT, &msgds); if (llabs(t - msgds.msg_stime) > 1) diff --git a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c index 5988821..562602a 100644 --- a/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c +++ b/contrib/netbsd-tests/lib/libc/sys/t_msgsnd.c @@ -98,7 +98,11 @@ ATF_TC_BODY(msgsnd_block, tc) */ for (;;) { +#ifdef __FreeBSD__ + if (msgsnd(id, &msg, sizeof(msg.buf), 0) < 0) +#else if (msgsnd(id, &msg, sizeof(struct msg), 0) < 0) +#endif _exit(EXIT_FAILURE); } } @@ -140,7 +144,11 @@ ATF_TC_BODY(msgsnd_count, tc) for (;;) { errno = 0; +#ifdef __FreeBSD__ + rv = msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else rv = msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif if (rv == 0) { i++; @@ -184,12 +192,20 @@ ATF_TC_BODY(msgsnd_err, tc) errno = 0; ATF_REQUIRE_ERRNO(EFAULT, msgsnd(id, (void *)-1, +#ifdef __FreeBSD__ + sizeof(msg.buf), IPC_NOWAIT) == -1); +#else sizeof(struct msg), IPC_NOWAIT) == -1); +#endif errno = 0; ATF_REQUIRE_ERRNO(EINVAL, msgsnd(-1, &msg, +#ifdef __FreeBSD__ + sizeof(msg.buf), IPC_NOWAIT) == -1); +#else sizeof(struct msg), IPC_NOWAIT) == -1); +#endif errno = 0; @@ -200,7 +216,11 @@ ATF_TC_BODY(msgsnd_err, tc) msg.mtype = 0; ATF_REQUIRE_ERRNO(EINVAL, msgsnd(id, &msg, +#ifdef __FreeBSD__ + sizeof(msg.buf), IPC_NOWAIT) == -1); +#else sizeof(struct msg), IPC_NOWAIT) == -1); +#endif ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0); } @@ -234,7 +254,11 @@ ATF_TC_BODY(msgsnd_nonblock, tc) for (;;) { errno = 0; +#ifdef __FreeBSD__ + rv = msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT); +#else rv = msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT); +#endif if (rv == -1 && errno == EAGAIN) _exit(EXIT_SUCCESS); @@ -299,7 +323,11 @@ ATF_TC_BODY(msgsnd_perm, tc) errno = 0; +#ifdef __FreeBSD__ + if (msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT) == 0) +#else if (msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT) == 0) +#endif _exit(EXIT_FAILURE); if (errno != EACCES) -- cgit v1.1