socket: Check lengths before advancing pointer in CMSG_NXTHDR
author Arjun Shankar <arjun@redhat.com>
Tue, 2 Aug 2022 09:10:25 +0000 (11:10 +0200)
committer Arjun Shankar <arjun@redhat.com>
Tue, 2 Aug 2022 09:10:25 +0000 (11:10 +0200)
commit 9c443ac4559a47ed99859bd80d14dc4b6dd220a1
tree c7965d741b7efbbb8e86e5063f7a097b8b9bf8e2
parent 521d54056242aae41ad362bd95ab17c50138337a
socket: Check lengths before advancing pointer in CMSG_NXTHDR

The inline and library functions that the CMSG_NXTHDR macro may expand
to increment the pointer to the header before checking the stride of
the increment against available space.  Since C only allows incrementing
pointers to one past the end of an array, the increment must be done
after a length check.  This commit fixes that and includes a regression
test for CMSG_FIRSTHDR and CMSG_NXTHDR.

The Linux, Hurd, and generic headers are all changed.

Tested on Linux on armv7hl, i686, x86_64, aarch64, ppc64le, and s390x.

[BZ #28846]

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
bits/socket.h
socket/Makefile
socket/tst-cmsghdr-skeleton.c [new file with mode: 0644]
socket/tst-cmsghdr.c [new file with mode: 0644]
sysdeps/mach/hurd/bits/socket.h
sysdeps/unix/sysv/linux/bits/socket.h
sysdeps/unix/sysv/linux/cmsg_nxthdr.c
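
The check-then-advance ordering the commit message describes, as an added example that is not glibc's code or part of this commit: a hypothetical `next_hdr_checked` compares `cmsg_len` against the bytes left in the control buffer before any pointer arithmetic uses it, and a hypothetical `walk_constructed` runs it over a constructed two-message buffer. It assumes Linux with glibc, where `CMSG_ALIGN` is available and `cmsg_len` is a `size_t`.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not glibc's code): return the header that follows
   cmsg, or NULL.  Assumes cmsg lies inside mhdr's control buffer.  Every
   length is compared against the bytes remaining before the pointer is
   advanced, so no pointer beyond one past the end is ever formed.  */
static struct cmsghdr *
next_hdr_checked (const struct msghdr *mhdr, struct cmsghdr *cmsg)
{
  unsigned char *start = mhdr->msg_control;
  unsigned char *cur = (unsigned char *) cmsg;
  size_t len = cmsg->cmsg_len;          /* untrusted until checked */
  size_t left = mhdr->msg_controllen - (size_t) (cur - start);
  size_t stride = CMSG_ALIGN (len);

  if (len < sizeof (struct cmsghdr))    /* too small to be a header */
    return NULL;
  if (stride < len)                     /* alignment rounding wrapped */
    return NULL;
  if (left < stride || left - stride < sizeof (struct cmsghdr))
    return NULL;                        /* no room for a next header */
  return (struct cmsghdr *) (cur + stride);
}

/* Constructed sample: a control buffer holding two int-sized messages,
   with the first header's cmsg_len overridden by first_len.  Returns the
   number of headers the walk visits.  */
static int
walk_constructed (size_t first_len)
{
  union { struct cmsghdr align;
          unsigned char bytes[2 * CMSG_SPACE (sizeof (int))]; } buf;
  struct msghdr mh;
  struct cmsghdr *c;
  int visited = 0;

  memset (&buf, 0, sizeof buf);
  memset (&mh, 0, sizeof mh);
  mh.msg_control = buf.bytes;
  mh.msg_controllen = sizeof buf.bytes;
  c = (struct cmsghdr *) (buf.bytes + CMSG_SPACE (sizeof (int)));
  c->cmsg_len = CMSG_LEN (sizeof (int));
  ((struct cmsghdr *) buf.bytes)->cmsg_len = first_len;

  for (c = CMSG_FIRSTHDR (&mh); c != NULL; c = next_hdr_checked (&mh, c))
    visited++;
  return visited;
}
```

With a well-formed first header the walk reaches both messages; with a first `cmsg_len` that is zero, larger than the buffer, or large enough to wrap the alignment rounding, the walk stops at the first header.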