Hi,
Emilio Pozuelo Monfort <[email protected]> writes:
> error_t
> S_socket_getopt (struct sock_user *user,
> int level, int opt,
> char **value, size_t *value_len)
> {
> - return EOPNOTSUPP;
> + int ret = 0;
> +
> + if (!user)
> + return EOPNOTSUPP;
> +
> + mutex_lock (&user->sock->lock);
> + switch (level)
> + {
> + case SOL_SOCKET:
> + switch (opt)
> + {
> + case SO_TYPE:
> + assert (*value_len >= sizeof (int));
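Review bot: "int ret = 0;" at the top of the new body is declared as int although S_socket_getopt returns error_t; declaring it "error_t ret = 0;" keeps the value handed back to the caller in the function's own type. Separately, the code in "case SO_TYPE:" runs after mutex_lock (&user->sock->lock), so any early return added inside the switch, for example for a bad *value_len, has to release user->sock->lock first.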
IIUC, a client could pass *VALUE_LEN = 0 and cause the server to abort,
because of the assertion here.
Wouldn’t it be better to return EINVAL when *VALUE_LEN is not sane?
Thanks,
Ludo’.