socket: Check lengths before advancing pointer in CMSG_NXTHDR - glibc.git - Mirror of https://sourceware.org/git/glibc.git

diff options

author	Arjun Shankar <arjun@redhat.com>	2022-08-02 11:10:25 +0200
committer	Arjun Shankar <arjun@redhat.com>	2022-08-22 16:32:13 +0200
commit	d13a7a6f100576b1e30dc044b2e0c4cbcb6196f6 (patch)
tree	4b82623535d70dd0f5fa4821f88a1cbabafa5a81 /sysdeps/unix/sysv/linux/sys/user.h
parent	8b139cd4f1074ae0d95d9bff60db283a1ed72734 (diff)
download	glibc-d13a7a6f100576b1e30dc044b2e0c4cbcb6196f6.tar glibc-d13a7a6f100576b1e30dc044b2e0c4cbcb6196f6.tar.gz glibc-d13a7a6f100576b1e30dc044b2e0c4cbcb6196f6.tar.bz2 glibc-d13a7a6f100576b1e30dc044b2e0c4cbcb6196f6.zip

socket: Check lengths before advancing pointer in CMSG_NXTHDR

The inline and library functions that the CMSG_NXTHDR macro may expand to increment the pointer to the header before checking the stride of the increment against available space. Since C only allows incrementing pointers to one past the end of an array, the increment must be done after a length check. This commit fixes that and includes a regression test for CMSG_FIRSTHDR and CMSG_NXTHDR. The Linux, Hurd, and generic headers are all changed. Tested on Linux on armv7hl, i686, x86_64, aarch64, ppc64le, and s390x. [BZ #28846] Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> (cherry picked from commit 9c443ac4559a47ed99859bd80d14dc4b6dd220a1)

Diffstat (limited to 'sysdeps/unix/sysv/linux/sys/user.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: