X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/ff6e181ae92fc6f1e89841290f461d1f2f9badd9..21362eb3e66fd2c787aee132bce100a44d71a99c:/osfmk/ipc/ipc_kmsg.c?ds=sidebyside
diff --git a/osfmk/ipc/ipc_kmsg.c b/osfmk/ipc/ipc_kmsg.c
index 574d5531c..3bbc0352d 100644
--- a/osfmk/ipc/ipc_kmsg.c
+++ b/osfmk/ipc/ipc_kmsg.c
@@ -1,14 +1,19 @@
 /*
 * Copyright (c) 2000-2005 Apple Computer, Inc. All rights reserved.
 *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
@@ -18,7 +23,7 @@
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
 /*
 * @OSF_COPYRIGHT@
@@ -201,8 +206,6 @@ ipc_kmsg_alloc(
 ipc_kmsg_t kmsg;
 
 #if !defined(__LP64__)
- mach_msg_size_t size = msg_and_trailer_size - MAX_TRAILER_SIZE;
-
 /*
 * LP64support -
 * Pad the allocation in case we need to expand the
@@ -216,20 +219,23 @@ ipc_kmsg_alloc(
 * forward as we process them than it is to push all the
 * data backwards.
 */
- max_expanded_size =
- (size > sizeof(mach_msg_base_t)) ?
- (msg_and_trailer_size + DESC_SIZE_ADJUSTMENT *
- ((size - sizeof(mach_msg_base_t)) /
- (sizeof(mach_msg_ool_descriptor_t))))
- :
- (msg_and_trailer_size);
-#else
- max_expanded_size = msg_and_trailer_size;
+
+ mach_msg_size_t size = msg_and_trailer_size - MAX_TRAILER_SIZE;
+ if (size > sizeof(mach_msg_base_t)) {
+ mach_msg_size_t max_desc = ((size - sizeof(mach_msg_base_t)) /
+ sizeof(mach_msg_ool_descriptor_t)) *
+ DESC_SIZE_ADJUSTMENT;
+ if (msg_and_trailer_size >= MACH_MSG_SIZE_MAX - max_desc)
+ return IKM_NULL;
+ max_expanded_size = msg_and_trailer_size + max_desc;
+ } else
 #endif
+ max_expanded_size = msg_and_trailer_size;
 
- /* round up for ikm_cache */
- if (max_expanded_size < IKM_SAVED_MSG_SIZE)
- max_expanded_size = IKM_SAVED_MSG_SIZE;
+ if (max_expanded_size > ikm_less_overhead(MACH_MSG_SIZE_MAX))
+ return IKM_NULL;
+ else if (max_expanded_size < IKM_SAVED_MSG_SIZE)
+ max_expanded_size = IKM_SAVED_MSG_SIZE; /* round up for ikm_cache */
 
 if (max_expanded_size == IKM_SAVED_MSG_SIZE) {
 struct ikm_cache *cache;
@@ -713,6 +719,9 @@ ipc_kmsg_get(
 if ((size < sizeof(mach_msg_header_t)) || (size & 3))
 return MACH_SEND_MSG_TOO_SMALL;
 
+ if (size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)
+ return MACH_SEND_TOO_LARGE;
+
 msg_and_trailer_size = size + MAX_TRAILER_SIZE;
 kmsg = ipc_kmsg_alloc(msg_and_trailer_size);
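Review bot: The new `mach_msg_size_t size = msg_and_trailer_size - MAX_TRAILER_SIZE;` at the top of this hunk still wraps to a huge unsigned value when `msg_and_trailer_size` is below `MAX_TRAILER_SIZE`, and the upper-bound check the commit adds in `ipc_kmsg_get` covers only that caller, so if any other path reaches `ipc_kmsg_alloc` with a small value the `max_desc` computation and the `MACH_MSG_SIZE_MAX - max_desc` guard operate on garbage; the function should enforce its own precondition with `if (msg_and_trailer_size < MAX_TRAILER_SIZE) return IKM_NULL;` before the subtraction. The `} else` left dangling across `#endif`, so that the final `max_expanded_size = msg_and_trailer_size;` is both the else body on 32-bit and the whole assignment on LP64, is fragile to the next edit of either branch; assigning the default first and only overriding it inside the `if` reads the same on both builds without the cross-preprocessor else. The two new `return IKM_NULL` guards would also benefit from a one-line comment naming what they bound, e.g. `/* expanded 64-bit descriptors must still fit under MACH_MSG_SIZE_MAX */`. ipc_kmsg_alloc's body begins before this hunk and continues after it.
```c
	/* default; the 32-bit path below may enlarge it for expanded descriptors */
	max_expanded_size = msg_and_trailer_size;
#if !defined(__LP64__)
	if (msg_and_trailer_size < MAX_TRAILER_SIZE)
		return IKM_NULL;
	mach_msg_size_t size = msg_and_trailer_size - MAX_TRAILER_SIZE;
	if (size > sizeof(mach_msg_base_t)) {
		/* … unchanged: max_desc computation and MACH_MSG_SIZE_MAX guard … */
		max_expanded_size = msg_and_trailer_size + max_desc;
	}
#endif
```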