|
Lines 1096-1101
linux_sendmsg_common(struct thread *td, l_int s, struc
Link Here
|
| 1096 |
sa_family_t sa_family; |
1096 |
sa_family_t sa_family; |
| 1097 |
void *data; |
1097 |
void *data; |
| 1098 |
l_size_t len; |
1098 |
l_size_t len; |
|
|
1099 |
l_size_t clen; |
| 1099 |
int error; |
1100 |
int error; |
| 1100 |
|
1101 |
|
| 1101 |
error = copyin(msghdr, &linux_msg, sizeof(linux_msg)); |
1102 |
error = copyin(msghdr, &linux_msg, sizeof(linux_msg)); |
|
Lines 1127-1133
linux_sendmsg_common(struct thread *td, l_int s, struc
Link Here
|
| 1127 |
|
1128 |
|
| 1128 |
control = NULL; |
1129 |
control = NULL; |
| 1129 |
|
1130 |
|
| 1130 |
if ((ptr_cmsg = LINUX_CMSG_FIRSTHDR(&linux_msg)) != NULL) { |
1131 |
if (linux_msg.msg_controllen >= sizeof(struct l_cmsghdr)) { |
| 1131 |
error = kern_getsockname(td, s, &sa, &datalen); |
1132 |
error = kern_getsockname(td, s, &sa, &datalen); |
| 1132 |
if (error != 0) |
1133 |
if (error != 0) |
| 1133 |
goto bad; |
1134 |
goto bad; |
|
Lines 1140-1145
linux_sendmsg_common(struct thread *td, l_int s, struc
Link Here
|
| 1140 |
data = mtod(control, void *); |
1141 |
data = mtod(control, void *); |
| 1141 |
datalen = 0; |
1142 |
datalen = 0; |
| 1142 |
|
1143 |
|
|
|
1144 |
ptr_cmsg = PTRIN(linux_msg.msg_control); |
| 1145 |
clen = linux_msg.msg_controllen; |
| 1143 |
do { |
1146 |
do { |
| 1144 |
error = copyin(ptr_cmsg, &linux_cmsg, |
1147 |
error = copyin(ptr_cmsg, &linux_cmsg, |
| 1145 |
sizeof(struct l_cmsghdr)); |
1148 |
sizeof(struct l_cmsghdr)); |
|
Lines 1147-1153
linux_sendmsg_common(struct thread *td, l_int s, struc
Link Here
|
| 1147 |
goto bad; |
1150 |
goto bad; |
| 1148 |
|
1151 |
|
| 1149 |
error = EINVAL; |
1152 |
error = EINVAL; |
| 1150 |
if (linux_cmsg.cmsg_len < sizeof(struct l_cmsghdr)) |
1153 |
if (linux_cmsg.cmsg_len < sizeof(struct l_cmsghdr) || |
|
|
1154 |
linux_cmsg.cmsg_len > clen) |
| 1151 |
goto bad; |
1155 |
goto bad; |
| 1152 |
|
1156 |
|
| 1153 |
if (datalen + CMSG_HDRSZ > MCLBYTES) |
1157 |
if (datalen + CMSG_HDRSZ > MCLBYTES) |
|
Lines 1199-1205
linux_sendmsg_common(struct thread *td, l_int s, struc
Link Here
|
| 1199 |
cmsg->cmsg_len = CMSG_LEN(len); |
1203 |
cmsg->cmsg_len = CMSG_LEN(len); |
| 1200 |
data = (char *)data + CMSG_SPACE(len); |
1204 |
data = (char *)data + CMSG_SPACE(len); |
| 1201 |
datalen += CMSG_SPACE(len); |
1205 |
datalen += CMSG_SPACE(len); |
| 1202 |
} while ((ptr_cmsg = LINUX_CMSG_NXTHDR(&linux_msg, ptr_cmsg))); |
1206 |
|
|
|
1207 |
if (clen <= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)) |
| 1208 |
break; |
| 1209 |
|
| 1210 |
clen -= LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len); |
| 1211 |
ptr_cmsg = (struct l_cmsghdr *)((char *)ptr_cmsg + |
| 1212 |
LINUX_CMSG_ALIGN(linux_cmsg.cmsg_len)); |
| 1213 |
} while(clen >= sizeof(struct l_cmsghdr)); |
| 1203 |
|
1214 |
|
| 1204 |
control->m_len = datalen; |
1215 |
control->m_len = datalen; |
| 1205 |
if (datalen == 0) { |
1216 |
if (datalen == 0) { |