kern_recvmsg() may not return a valid (non-NULL) pointer to `sa'
authorYONETANI Tomokazu <y0netan1@dragonflybsd.org>
Sun, 28 Jan 2007 06:31:00 +0000 (06:31 +0000)
committerYONETANI Tomokazu <y0netan1@dragonflybsd.org>
Sun, 28 Jan 2007 06:31:00 +0000 (06:31 +0000)
even if its return value is 0.  Only sys_recvfrom() knew this.
Fix other callers to deal with this.

sys/emulation/43bsd/43bsd_socket.c
sys/emulation/linux/linux_socket.c
sys/kern/uipc_syscalls.c

index 07e541f..fafc5f7 100644 (file)
@@ -32,7 +32,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $DragonFly: src/sys/emulation/43bsd/43bsd_socket.c,v 1.9 2006/09/16 03:37:13 dillon Exp $
+ * $DragonFly: src/sys/emulation/43bsd/43bsd_socket.c,v 1.10 2007/01/28 06:31:00 y0netan1 Exp $
  *     from: DragonFly kern/uipc_syscalls.c,v 1.13
  *
  * The original versions of these syscalls used to live in
@@ -347,8 +347,12 @@ sys_orecvfrom(struct recvfrom_args *uap)
            &uap->flags, &uap->sysmsg_result);
 
        if (error == 0 && uap->from) {
-               fromlen = MIN(fromlen, sa->sa_len);
-               error = compat_43_copyout_sockaddr(sa, uap->from, fromlen);
+               if (sa != NULL) {
+                       fromlen = MIN(fromlen, sa->sa_len);
+                       error = compat_43_copyout_sockaddr(sa, uap->from,
+                                                          fromlen);
+               } else
+                       fromlen = 0;
                if (error == 0)
                        /*
                         * Old recvfrom didn't signal an error if this
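Review bot: The new `MIN(fromlen, sa->sa_len)` only bounds the copy from above: `fromlen` is read in from user space earlier in sys_orecvfrom (outside the hunk), and if it is a signed int that has not been rejected when negative, MIN against the promoted `u_char` `sa_len` keeps the negative value and hands it to compat_43_copyout_sockaddr as the length. sys_recvfrom, which the commit message names as the one caller that already handled a NULL `sa`, presumably clamps this; if sys_orecvfrom does not, `if (fromlen < 0) fromlen = 0;` ahead of the MIN mirrors it. Whether the guard already exists cannot be told from these lines; sys_orecvfrom starts before the hunk and the copyout of fromlen continues past it.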
@@ -417,8 +421,12 @@ sys_orecvmsg(struct orecvmsg_args *uap)
         * Copyout msg.msg_name and msg.msg_namelen.
         */
        if (error == 0 && msg.msg_name) {
-               fromlen = MIN(msg.msg_namelen, sa->sa_len);
-               error = compat_43_copyout_sockaddr(sa, msg.msg_name, fromlen);
+               if (sa != NULL) {
+                       fromlen = MIN(msg.msg_namelen, sa->sa_len);
+                       error = compat_43_copyout_sockaddr(sa, msg.msg_name,
+                                                          fromlen);
+               } else
+                       fromlen = 0;
                if (error == 0)
                        /*
                         * Old recvfrom didn't signal an error if this
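Review bot: The comment the hunk ends on still reads `Old recvfrom didn't signal an error if this` although this function is sys_orecvmsg, and the new `if (sa != NULL)` branch gives no hint of why `sa` can be NULL after kern_recvmsg() returned 0, unlike the sys_recvmsg hunk in uipc_syscalls.c which adds `/* note: sa may still be NULL */`. Suggest the same one-line reminder above `if (sa != NULL)` here, and `Old recvmsg didn't signal an error if this` in the trailing comment unless 4.3BSD recvmsg genuinely inherited recvfrom's behaviour, in which case say that explicitly. sys_orecvmsg begins before the hunk and the comment continues past it.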
index a94d644..1ed6717 100644 (file)
@@ -26,7 +26,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  * $FreeBSD: src/sys/compat/linux/linux_socket.c,v 1.19.2.8 2001/11/07 20:33:55 marcel Exp $
- * $DragonFly: src/sys/emulation/linux/linux_socket.c,v 1.26 2006/09/16 03:37:15 dillon Exp $
+ * $DragonFly: src/sys/emulation/linux/linux_socket.c,v 1.27 2007/01/28 06:31:00 y0netan1 Exp $
  */
 
 #include <sys/param.h>
@@ -781,8 +781,12 @@ linux_recvfrom(struct linux_recvfrom_args *args, int *res)
            NULL, &flags, res);
 
        if (error == 0 && linux_args.from) {
-               fromlen = MIN(fromlen, sa->sa_len);
-               error = linux_copyout_sockaddr(sa, linux_args.from, fromlen);
+               if (sa != NULL) {
+                       fromlen = MIN(fromlen, sa->sa_len);
+                       error = linux_copyout_sockaddr(sa, linux_args.from,
+                                                       fromlen);
+               } else
+                       fromlen = 0;
                if (error == 0)
                        copyout(&fromlen, linux_args.fromlen,
                            sizeof(fromlen));
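Review bot: The copyout of `fromlen` on the last two lines of the hunk discards its return value, so a faulting `linux_args.fromlen` pointer leaves `error` at 0 and the syscall reports success although the caller's length was never written; linux_recvmsg later in the same file does `error = copyout(&fromlen, ufromlenp, sizeof(*ufromlenp));` for the same step. Unless the emulated Linux ABI is meant to ignore a bad addrlen pointer (I believe Linux returns EFAULT here, but this file does not establish it), change the line to `error = copyout(&fromlen, linux_args.fromlen, sizeof(fromlen));`. The added NULL branch itself is consistent with the other callers; linux_recvfrom starts before the hunk.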
@@ -952,8 +956,12 @@ linux_recvmsg(struct linux_recvmsg_args *args, int *res)
         * Copyout msg.msg_name and msg.msg_namelen.
         */
        if (error == 0 && msg.msg_name) {
-               fromlen = MIN(msg.msg_namelen, sa->sa_len);
-               error = linux_copyout_sockaddr(sa, msg.msg_name, fromlen);
+               if (sa != NULL) {
+                       fromlen = MIN(msg.msg_namelen, sa->sa_len);
+                       error = linux_copyout_sockaddr(sa, msg.msg_name,
+                                                       fromlen);
+               } else
+                       fromlen = 0;
                if (error == 0)
                        error = copyout(&fromlen, ufromlenp,
                            sizeof(*ufromlenp));
index 4699bf7..4f3eee0 100644 (file)
@@ -35,7 +35,7 @@
  *
  *     @(#)uipc_syscalls.c     8.4 (Berkeley) 2/21/94
  * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.65.2.17 2003/04/04 17:11:16 tegge Exp $
- * $DragonFly: src/sys/kern/uipc_syscalls.c,v 1.77 2007/01/08 21:41:56 dillon Exp $
+ * $DragonFly: src/sys/kern/uipc_syscalls.c,v 1.78 2007/01/28 06:31:00 y0netan1 Exp $
  */
 
 #include "opt_ktrace.h"
@@ -970,8 +970,12 @@ sys_recvmsg(struct recvmsg_args *uap)
         * Conditionally copyout the name and populate the namelen field.
         */
        if (error == 0 && msg.msg_name) {
-               fromlen = MIN(msg.msg_namelen, sa->sa_len);
-               error = copyout(sa, msg.msg_name, fromlen);
+               /* note: sa may still be NULL */
+               if (sa != NULL) {
+                       fromlen = MIN(msg.msg_namelen, sa->sa_len);
+                       error = copyout(sa, msg.msg_name, fromlen);
+               } else
+                       fromlen = 0;
                if (error == 0)
                        error = copyout(&fromlen, ufromlenp,
                            sizeof(*ufromlenp));
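Review bot: The added `/* note: sa may still be NULL */` records that the pointer can be NULL but not when or what the caller then sees, which is the substance of the fix and otherwise lives only in the commit message. Suggest `/* kern_recvmsg() can succeed without returning an address; report a zero-length name then */`, worded to match what kern_recvmsg actually guarantees. Since the `sa == NULL` path is now reachable here, it is also worth confirming that the release of `sa` after the hunk tolerates a NULL pointer; that code is outside the visible lines, and sys_recvmsg starts before the hunk.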