Reject oversized sockaddr payloads received over privsep IPC.

mirror of https://github.com/openbsd/src.git synced 2026-06-19 15:53:31 +02:00

This is not an issue on its own but may permit lateral movement or memory corruption
inside the privsep environment after another bug.

diff by Stuart Thomas <stuart.thomas@triageforge.co.uk>

This commit is contained in:

gilles

2026-05-26 22:48:13 +00:00

parent 2c717ae1c6

commit 388bcdaeab

1 changed files with 3 additions and 1 deletions

									
										usr.sbin/smtpd/mproc.c
									
		+3
		-1
	
												View File
												
				@@ -1,4 +1,4 @@

				/*	$OpenBSD: mproc.c,v 1.48 2025/10/30 16:46:19 gilles Exp $	*/

				/*	$OpenBSD: mproc.c,v 1.49 2026/05/26 22:48:13 gilles Exp $	*/

				/*

				 * Copyright (c) 2012 Eric Faurot <eric@faurot.net>

				@@ -589,6 +589,8 @@ m_get_sockaddr(struct msg *m, struct sockaddr *sa)

					size_t len;

					m_get_size(m, &len);

					if (len > sizeof(struct sockaddr_storage))

						m_error("sockaddr size too large");

					m_get(m, sa, len);

				}