diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-10-01 17:24:02 +0200 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-10-01 17:34:13 +0200 |
| commit | 126c0364bf7d72d4f2ecf1ad2f4ebe1d2667940d (patch) | |
| tree | 07be87498222a605dda3ea5e0ffe81d3e5b356b0 /ipc/mach_msg.c | |
| parent | 513125f30a05b4ad3408d5f4efd36d2c6ba10744 (diff) | |
| download | gnumach-126c0364bf7d72d4f2ecf1ad2f4ebe1d2667940d.tar.gz gnumach-126c0364bf7d72d4f2ecf1ad2f4ebe1d2667940d.tar.bz2 gnumach-126c0364bf7d72d4f2ecf1ad2f4ebe1d2667940d.zip | |
ipc: Fix allocating kernel buffer for storing user message
Otherwise ipc_kmsg_copyin_body will overflow.
Diffstat (limited to 'ipc/mach_msg.c')
| -rw-r--r-- | ipc/mach_msg.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipc/mach_msg.c b/ipc/mach_msg.c index 482c85a5..fb6e6dfc 100644 --- a/ipc/mach_msg.c +++ b/ipc/mach_msg.c @@ -450,7 +450,7 @@ mach_msg_trap( * We must clear ikm_cache before copyinmsg. */ - if ((send_size > IKM_SAVED_MSG_SIZE) || + if (((send_size * IKM_EXPAND_FACTOR) > IKM_SAVED_MSG_SIZE) || (send_size < sizeof(mach_msg_user_header_t)) || (send_size & 3)) goto slow_get; |