system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-09 04:36:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

netlink: fix bug with socket buffer character counter underflow

Browse Source 
Cover case when an nb that we are now reading in full had been partially
read by previous read(2) and now has positive offset.  Throw couple
assertions that helped to catch that earlier.
This commit is contained in:
Gleb Smirnoff 2024-01-10 20:51:53 -08:00
parent f75d7fac10
commit d9b1f6fbf9
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/netlink/netlink_domain.c
View File

@ -744,6 +744,7 @@ nl_soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio,
offset = nb->offset;
while (offset < nb->datalen) {
hdr = (struct nlmsghdr *)&nb->data[offset];
MPASS(nb->offset + hdr->nlmsg_len <= nb->datalen);
if (uio->uio_resid < len + hdr->nlmsg_len) {
overflow = len + hdr->nlmsg_len -
uio->uio_resid;
@ -784,7 +785,7 @@ nl_soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio,
msgrcv++;
}
MPASS(offset == nb->datalen);
datalen += nb->datalen;
datalen += nb->datalen - nb->offset;
}
nospace:
last = nb;
@ -796,6 +797,7 @@ nl_soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio,
TAILQ_FIRST(&sb->nl_queue) = last;
last->tailq.tqe_prev = &TAILQ_FIRST(&sb->nl_queue);
}
MPASS(sb->sb_acc >= datalen);
sb->sb_acc -= datalen;
sb->sb_ccc -= datalen;
}