* ipc/copy_user.c: recent MIG stubs should always fill the size
correctly in the msg header, but we shouldn't rely on that. Instead,
we use the size that was correctly copied-in, overwriting the value
in the header. This is already done by the 32-bit copyinmsg(), and
was missing in the 64-bit version.
Furthermore, the assertion about the user/kernel size makes sense with
and without USER32, so take it out of the #ifdef.
---
ipc/copy_user.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ipc/copy_user.c b/ipc/copy_user.c
index a4b238de..850ea49e 100644
--- a/ipc/copy_user.c
+++ b/ipc/copy_user.c
@@ -442,16 +442,18 @@ int copyinmsg (const void *userbuf, void *kernelbuf,
const size_t usize, const s
}
kmsg->msgh_size = sizeof(mach_msg_header_t) + ksaddr - (vm_offset_t)(kmsg +
1);
- assert(kmsg->msgh_size <= ksize);
#else
/* The 64 bit interface ensures the header is the same size, so it does not
need any resizing. */
_Static_assert(sizeof(mach_msg_header_t) == sizeof(mach_msg_user_header_t),
"mach_msg_header_t and mach_msg_user_header_t expected to be
of the same size");
if (copyin(umsg, kmsg, usize))
return 1;
+
+ kmsg->msgh_size = usize;
kmsg->msgh_remote_port &= 0xFFFFFFFF; // FIXME: still have port names here
kmsg->msgh_local_port &= 0xFFFFFFFF; // also, this assumes little-endian
#endif
+ assert(kmsg->msgh_size <= ksize);
return 0;
}
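Review bot: The assert moved after the `#endif` checks `kmsg->msgh_size <= ksize` only after `copyin(umsg, kmsg, usize)` has already written `usize` bytes into the kernel buffer, and `assert` is compiled out in non-debug builds, so it records the invariant without enforcing it. Unless `usize` is already validated against `ksize` before the copy (the start of copyinmsg is outside the hunk, so I cannot see whether it is), the 64-bit path should reject an oversized message before copying, e.g. `if (usize > ksize) return 1;` ahead of the copyin, using the same failure return the copyin path already uses. Keeping the assert after the `#endif` is still useful as a consistency check on the 32-bit computation of msgh_size. A short comment above the new assignment, such as `/* Take msgh_size from the copied-in length, not the user-supplied header value. */`, would record why the header field is overwritten here.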
--
2.39.2