[PATCH 1/2] x86_64: fix msg size forwarding in case it's not set by user

From: Luca Dariz
Subject: [PATCH 1/2] x86_64: fix msg size forwarding in case it's not set by userspace
Date: Wed, 12 Jun 2024 08:27:54 +0200

* ipc/copy_user.c: recent MIG stubs should always fill the size
  correctly in the msg header, but we shouldn't rely on that. Instead,
  we use the size that was correctly copied-in, overwriting the value
  in the header. This is already done by the 32-bit copyinmsg(), and
  was missing in the 64-bit version.
  Furthermore, the assertion about user/kernel size makes sense with
  and without USER32, so take it out of the #ifdef.
 ipc/copy_user.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipc/copy_user.c b/ipc/copy_user.c
index a4b238de..850ea49e 100644
--- a/ipc/copy_user.c
+++ b/ipc/copy_user.c
@@ -442,16 +442,18 @@ int copyinmsg (const void *userbuf, void *kernelbuf, 
const size_t usize, const s
   kmsg->msgh_size = sizeof(mach_msg_header_t) + ksaddr - (vm_offset_t)(kmsg + 
-  assert(kmsg->msgh_size <= ksize);
   /* The 64 bit interface ensures the header is the same size, so it does not 
need any resizing. */
   _Static_assert(sizeof(mach_msg_header_t) == sizeof(mach_msg_user_header_t),
                 "mach_msg_header_t and mach_msg_user_header_t expected to be 
of the same size");
   if (copyin(umsg, kmsg, usize))
     return 1;
+  kmsg->msgh_size = usize;
   kmsg->msgh_remote_port &= 0xFFFFFFFF; // FIXME: still have port names here
   kmsg->msgh_local_port &= 0xFFFFFFFF;  // also, this assumes little-endian
+  assert(kmsg->msgh_size <= ksize);
   return 0;
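Review bot: the relocated `assert(kmsg->msgh_size <= ksize);` now runs only after `copyin(umsg, kmsg, usize)` has already written usize bytes into the kernel buffer, so if a caller can pass usize > ksize the overrun happens before the assertion fires, and assert() is typically compiled out in non-debug builds anyway. Unless every caller already guarantees usize <= ksize, consider a hard check before the copy, e.g. `if (usize > ksize) return 1;` ahead of the copyin, and keep the assert as a debug-only sanity check. The new `kmsg->msgh_size = usize;` itself is correctly placed after the copyin, since the copy overwrites the header (the _Static_assert confirms the user and kernel headers are the same size), which also means the msgh_size value computed at the top of the hunk is overwritten and no longer needed on this path; a short comment saying the header size is deliberately taken from the copied-in length rather than the user-supplied field would help the next reader.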
