xnu-792.21.3.tar.gz

[apple/xnu.git] / osfmk / ipc / ipc_kmsg.c

diff --git a/osfmk/ipc/ipc_kmsg.c b/osfmk/ipc/ipc_kmsg.c
index 574d5531cb60e99f9eba255d66fe4a7cacf19239..3bbc0352d69b7e6858ca080948458f056bc2a19d 100644 (file)
--- a/osfmk/ipc/ipc_kmsg.c
+++ b/osfmk/ipc/ipc_kmsg.c
@@ -1,14 +1,19 @@
 /*
  * Copyright (c) 2000-2005 Apple Computer, Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ * 
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
  * 
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
@@ -18,7 +23,7 @@
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  * 
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @OSF_COPYRIGHT@
@@ -201,8 +206,6 @@ ipc_kmsg_alloc(
        ipc_kmsg_t kmsg;
 
 #if !defined(__LP64__)
-       mach_msg_size_t size = msg_and_trailer_size - MAX_TRAILER_SIZE;
-
        /*
         * LP64support -
         * Pad the allocation in case we need to expand the
@@ -216,20 +219,23 @@ ipc_kmsg_alloc(
         * forward as we process them than it is to push all the
         * data backwards.
         */
-       max_expanded_size = 
-               (size > sizeof(mach_msg_base_t)) ?
-               (msg_and_trailer_size + DESC_SIZE_ADJUSTMENT * 
-                ((size - sizeof(mach_msg_base_t)) /
-                 (sizeof(mach_msg_ool_descriptor_t))))
-               :
-               (msg_and_trailer_size);
-#else
-       max_expanded_size = msg_and_trailer_size;
+
+       mach_msg_size_t size = msg_and_trailer_size - MAX_TRAILER_SIZE;
+       if (size > sizeof(mach_msg_base_t)) {
+               mach_msg_size_t max_desc = ((size - sizeof(mach_msg_base_t)) /
+                                          sizeof(mach_msg_ool_descriptor_t)) *
+                                          DESC_SIZE_ADJUSTMENT;
+               if (msg_and_trailer_size >= MACH_MSG_SIZE_MAX - max_desc)
+                       return IKM_NULL;
+               max_expanded_size = msg_and_trailer_size + max_desc;
+       } else
 #endif
+               max_expanded_size = msg_and_trailer_size;
 
-       /* round up for ikm_cache */
-       if (max_expanded_size < IKM_SAVED_MSG_SIZE)
-               max_expanded_size = IKM_SAVED_MSG_SIZE;
+       if (max_expanded_size > ikm_less_overhead(MACH_MSG_SIZE_MAX))
+               return IKM_NULL;
+       else if (max_expanded_size < IKM_SAVED_MSG_SIZE)
+               max_expanded_size = IKM_SAVED_MSG_SIZE;         /* round up for ikm_cache */
 
        if (max_expanded_size == IKM_SAVED_MSG_SIZE) {
                struct ikm_cache        *cache;
@@ -713,6 +719,9 @@ ipc_kmsg_get(
        if ((size < sizeof(mach_msg_header_t)) || (size & 3))
                return MACH_SEND_MSG_TOO_SMALL;
 
+       if (size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
+               return MACH_SEND_TOO_LARGE;
+
        msg_and_trailer_size = size + MAX_TRAILER_SIZE;
 
        kmsg = ipc_kmsg_alloc(msg_and_trailer_size);