mirror of
https://github.com/RGBCube/serenity
synced 2025-07-10 09:37:34 +00:00
Kernel: Fix accidental memory over-read in getsockopt(IP_TTL)
We were accidentally casting the pointer to m_ttl from a u8* to an int*, which resulted in copying 3 extra unrelated bytes (which turned out to be padding in this case).
parent
c45b1e1983
commit
20c7fcfedf
1 changed files with 4 additions and 2 deletions
|
@ -551,12 +551,14 @@ KResult IPv4Socket::getsockopt(OpenFileDescription& description, int level, int
|
|||
TRY(copy_from_user(&size, value_size.unsafe_userspace_ptr()));
|
||||
|
||||
switch (option) {
|
||||
case IP_TTL:
|
||||
case IP_TTL: {
|
||||
if (size < sizeof(int))
|
||||
return EINVAL;
|
||||
TRY(copy_to_user(static_ptr_cast<int*>(value), (int*)&m_ttl));
|
||||
int ttl = m_ttl;
|
||||
TRY(copy_to_user(static_ptr_cast<int*>(value), (int*)&ttl));
|
||||
size = sizeof(int);
|
||||
return copy_to_user(value_size, &size);
|
||||
}
|
||||
case IP_MULTICAST_LOOP: {
|
||||
if (size < 1)
|
||||
return EINVAL;
|
||||
|
|
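Review bot: The C-style cast in `(int*)&ttl` is now redundant, because `ttl` is already an `int`, and keeping it preserves the pattern that hid the original over-read. With the cast in place, the u8*/int* mismatch on `m_ttl` was silenced rather than surfaced, presumably where the typed `copy_to_user` overload would otherwise have failed to compile. I would write `TRY(copy_to_user(static_ptr_cast<int*>(value), &ttl));` so that a later change to the local's type becomes a build error instead of copying adjacent kernel bytes to userspace. The switch continues past the end of the hunk, so the remaining cases, starting with `IP_MULTICAST_LOOP`, are worth checking for the same cast-on-member pattern; their bodies are not visible here.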