x86_64: fix msg size forwarding in case it's not set by userspace

* ipc/copy_user.c: recent MIG stubs should always fill the size
  correctly in the msg header, but we shouldn't rely on that. Instead,
  we use the size that was correctly copied-in, overwriting the value
  in the header. This is already done by the 32-bit copyinmsg(), and
  was missing in the 64-bit version.
  Furthermore, the assertion about user/kernel size make sense with
  and without USER32, so take it out if the #ifdef.
Message-ID: <20240612062755.116308-1-luca@orpolo.org>

1 files changed, 3 insertions, 1 deletions

diff --git a/ipc/copy_user.c b/ipc/copy_user.c
index a4b238de..850ea49e 100644
--- a/ipc/copy_user.c
+++ b/ipc/copy_user.c
@@ -442,16 +442,18 @@ int copyinmsg (const void *userbuf, void *kernelbuf, const size_t usize, const s
     }
 
   kmsg->msgh_size = sizeof(mach_msg_header_t) + ksaddr - (vm_offset_t)(kmsg + 1);
-  assert(kmsg->msgh_size <= ksize);
 #else
   /* The 64 bit interface ensures the header is the same size, so it does not need any resizing. */
   _Static_assert(sizeof(mach_msg_header_t) == sizeof(mach_msg_user_header_t),
 		 "mach_msg_header_t and mach_msg_user_header_t expected to be of the same size");
   if (copyin(umsg, kmsg, usize))
     return 1;
+
+  kmsg->msgh_size = usize;
   kmsg->msgh_remote_port &= 0xFFFFFFFF; // FIXME: still have port names here
   kmsg->msgh_local_port &= 0xFFFFFFFF;  // also, this assumes little-endian
 #endif
+  assert(kmsg->msgh_size <= ksize);
   return 0;
 }