Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/compat/mach More santity checks when sending data to a p...
details: https://anonhg.NetBSD.org/src/rev/7ffa6046d273
branches: trunk
changeset: 555882:7ffa6046d273
user: manu <manu%NetBSD.org@localhost>
date: Wed Dec 03 18:18:43 2003 +0000
description:
More santity checks when sending data to a port: is there someone listening
on the receive end?
diffstat:
sys/compat/mach/mach_message.c | 30 ++++++++++++++++++++++--------
sys/compat/mach/mach_port.c | 20 +++++++++++++-------
2 files changed, 35 insertions(+), 15 deletions(-)
diffs (146 lines):
diff -r 9e1776efce64 -r 7ffa6046d273 sys/compat/mach/mach_message.c
--- a/sys/compat/mach/mach_message.c Wed Dec 03 18:14:02 2003 +0000
+++ b/sys/compat/mach/mach_message.c Wed Dec 03 18:18:43 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mach_message.c,v 1.32 2003/11/27 23:44:49 manu Exp $ */
+/* $NetBSD: mach_message.c,v 1.33 2003/12/03 18:18:43 manu Exp $ */
/*-
* Copyright (c) 2002-2003 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mach_message.c,v 1.32 2003/11/27 23:44:49 manu Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mach_message.c,v 1.33 2003/12/03 18:18:43 manu Exp $");
#include "opt_ktrace.h"
#include "opt_compat_mach.h" /* For COMPAT_MACH in <sys/ktrace.h> */
@@ -153,7 +153,7 @@
lr = mach_right_check(ln, l, MACH_PORT_TYPE_ALL_RIGHTS);
rr = mach_right_check(rn, l, MACH_PORT_TYPE_ALL_RIGHTS);
- if (rr == NULL) {
+ if ((rr == NULL) || (rr->mr_port == NULL)) {
#ifdef DEBUG_MACH
printf("msg id %d: invalid dest\n", sm->msgh_id);
#endif
@@ -161,7 +161,6 @@
goto out1;
}
-
/*
* Check that the process has send a send right on
* the remote port.
@@ -211,7 +210,7 @@
* as we already receive a reply.
* - request and reply are swapped
* - there will be no reply, so set lr to NULL.
- * - skip the lr == NULL test
+ * - skip the lr == NULL tests
* XXX This is inelegant.
*/
if ((sm->msgh_id >= 2501) && (sm->msgh_id <= 2503)) {
@@ -225,7 +224,12 @@
* Check that the local port is valid, else
* we will not be able to send the reply
*/
- if (lr == NULL) {
+ if ((lr == NULL) ||
+ (lr->mr_port == NULL) ||
+ (lr->mr_port->mp_recv == NULL)) {
+#ifdef DEBUG_MACH
+ printf("msg id %d: invalid src\n", sm->msgh_id);
+#endif
*retval = MACH_SEND_INVALID_REPLY;
goto out1;
}
@@ -337,9 +341,19 @@
} else {
/*
* The message is not to be handled by the kernel.
- * Queue the message in the remote port.
+ * Check that there is a valid receiver, and
+ * queue the message in the remote port.
*/
- mp = rr->mr_port;
+ mp = rr->mr_port; /* (mp != NULL) already checked */
+ if (mp->mp_recv == NULL) {
+#ifdef DEBUG_MACH
+ printf("msg id %d: invalid dst\n", sm->msgh_id);
+#endif
+ *retval = MACH_SEND_INVALID_DEST;
+ free(sm, M_EMULDATA);
+ return 0;
+ }
+
(void)mach_message_get(sm, send_size, mp, l);
#ifdef DEBUG_MACH_MSG
printf("pid %d: message queued on port %p (%d) [%p]\n",
diff -r 9e1776efce64 -r 7ffa6046d273 sys/compat/mach/mach_port.c
--- a/sys/compat/mach/mach_port.c Wed Dec 03 18:14:02 2003 +0000
+++ b/sys/compat/mach/mach_port.c Wed Dec 03 18:18:43 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mach_port.c,v 1.44 2003/11/13 13:40:39 manu Exp $ */
+/* $NetBSD: mach_port.c,v 1.45 2003/12/03 18:18:43 manu Exp $ */
/*-
* Copyright (c) 2002-2003 The NetBSD Foundation, Inc.
@@ -38,7 +38,7 @@
#include "opt_compat_darwin.h"
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mach_port.c,v 1.44 2003/11/13 13:40:39 manu Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mach_port.c,v 1.45 2003/12/03 18:18:43 manu Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -824,6 +824,13 @@
mach_notify_port_dead_name(mr->mr_lwp, mr);
}
if (mr->mr_port != NULL) {
+ /* There is no more receiver */
+#ifdef DIAGNOSTIC
+ if (mr->mr_port->mp_recv != mr)
+ printf("several receiver on a single port\n");
+#endif
+ mr->mr_port->mp_recv = NULL;
+
mr->mr_port->mp_refcount--;
if (mr->mr_port->mp_refcount <= 0)
mach_port_put(mr->mr_port);
@@ -946,13 +953,12 @@
void
mach_debug_port(void)
{
- struct lwp *l;
struct mach_emuldata *med;
struct mach_right *mr;
struct mach_right *mrs;
- struct proc *p = l->l_proc;
+ struct proc *p;
- LIST_FOREACH(l, &alllwp, l_list) {
+ LIST_FOREACH(p, &allproc, p_list) {
if ((p->p_emul != &emul_mach) &&
#ifdef COMPAT_DARWIN
(p->p_emul != &emul_darwin) &&
@@ -965,7 +971,7 @@
if ((mr->mr_type & MACH_PORT_TYPE_PORT_SET) == 0) {
printf("pid %d: %p(%x)=>%p",
p->p_pid, mr, mr->mr_type, mr->mr_port);
- if (mr->mr_port != NULL)
+ if (mr->mr_port && mr->mr_port->mp_recv)
printf("[%p]\n",
mr->mr_port->mp_recv->mr_sethead);
else
@@ -980,7 +986,7 @@
LIST_FOREACH(mrs, &mr->mr_set, mr_setlist) {
printf("%p(%x)=>%p",
mrs, mrs->mr_type, mrs->mr_port);
- if (mrs->mr_port != NULL)
+ if (mrs->mr_port && mrs->mr_port->mp_recv)
printf("[%p]",
mrs->mr_port->mp_recv->mr_sethead);
else
Home |
Main Index |
Thread Index |
Old Index