src - FreeBSD source tree

diff options

author	Mateusz Guzik <mjg@FreeBSD.org>	2014-06-27 05:04:36 +0000
committer	Mateusz Guzik <mjg@FreeBSD.org>	2014-06-27 05:04:36 +0000
commit	de966666a2c93cb8ab9c8d944db983eb38462fc4 (patch)
tree	3f0e08d9bfdd8f1f0b19b0f484ed02b88de1b794 /sys/vm/vm_mmap.c
parent	a43f0be9feca20b05d08c4a97b0b0bdf632afb67 (diff)

Check lower bound of cmsg_len.

If passed cm->cmsg_len was below cmsghdr size the experssion: datalen = (caddr_t)cm + cm->cmsg_len - (caddr_t)data; would give negative result. However, in practice it would not result in a crash because the kernel would try to obtain garbage fds for given process and would error out with EBADF. PR: 124908 Submitted by: campbell mumble.net (modified a little) MFC after: 1 week

Notes

Notes: svn path=/head/; revision=267947

Diffstat (limited to 'sys/vm/vm_mmap.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: