Module Name: src
Committed By: riastradh
Date: Wed Jun 29 22:27:12 UTC 2022
Modified Files:
src/sys/kern: uipc_syscalls.c
Log Message:
recvmmsg(2): More timespec validation.
Reported-by: syzbot+004ed2f264534bd27...@syzkaller.appspotmail.com
Reported-by: syzbot+6f9014c842c4e78df...@syzkaller.appspotmail.com
To generate a diff of this commit:
cvs rdiff -u -r1.204 -r1.205 src/sys/kern/uipc_syscalls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/uipc_syscalls.c
diff -u src/sys/kern/uipc_syscalls.c:1.204 src/sys/kern/uipc_syscalls.c:1.205
--- src/sys/kern/uipc_syscalls.c:1.204 Tue Jun 28 11:41:32 2022
+++ src/sys/kern/uipc_syscalls.c Wed Jun 29 22:27:12 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: uipc_syscalls.c,v 1.204 2022/06/28 11:41:32 riastradh Exp $ */
+/* $NetBSD: uipc_syscalls.c,v 1.205 2022/06/29 22:27:12 riastradh Exp $ */
/*-
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.204 2022/06/28 11:41:32 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.205 2022/06/29 22:27:12 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_pipe.h"
@@ -1041,6 +1041,8 @@ sys_recvmmsg(struct lwp *l, const struct
if (SCARG(uap, timeout)) {
if ((error = copyin(SCARG(uap, timeout), &ts, sizeof(ts))) != 0)
return error;
+ if (ts.tv_nsec < 0 || ts.tv_nsec >= 1000000000L)
+ return EINVAL;
getnanotime(&now);
if (timespecaddok(&now, &ts)) {
timespecadd(&now, &ts, &ts);
