Permalink
Browse files

Validate that user supplied control message length is not negative.

Submitted by:	C Turt <cturt hardenedbsd.org>
Security:	SA-16:19
Security:	CVE-2016-1887
  • Loading branch information...
glebius committed May 17, 2016
1 parent 1d7ec4d commit 5e838e04e3b91d8abb280148ff38b52013f10389
Showing with 3 additions and 0 deletions.
  1. +3 −0 sys/kern/uipc_syscalls.c
View
@@ -1699,6 +1699,9 @@ sockargs(mp, buf, buflen, type)
struct mbuf *m;
int error;
if (buflen < 0)
return (EINVAL);
if (buflen > MLEN) {
#ifdef COMPAT_OLDSOCK
if (type == MT_SONAME && buflen <= 112)

0 comments on commit 5e838e0

Please sign in to comment.