X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/ff6e181ae92fc6f1e89841290f461d1f2f9badd9..89b3af67bb32e691275bf6fa803d1834b2284115:/osfmk/ipc/mach_msg.c
diff --git a/osfmk/ipc/mach_msg.c b/osfmk/ipc/mach_msg.c
index cab3b02ec..516c7a15a 100644
--- a/osfmk/ipc/mach_msg.c
+++ b/osfmk/ipc/mach_msg.c
@@ -1,14 +1,19 @@
 /*
  * Copyright (c) 2000-2005 Apple Computer, Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
  *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
@@ -18,7 +23,7 @@
  * Please see the License for the specific language governing rights and
  * limitations under the License.
  *
- * @APPLE_LICENSE_HEADER_END@
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  * @OSF_COPYRIGHT@
@@ -184,6 +189,9 @@ mach_msg_send( if ((send_size < sizeof(mach_msg_header_t)) || (send_size & 3)) return MACH_SEND_MSG_TOO_SMALL; + if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE) + return MACH_SEND_TOO_LARGE; + msg_and_trailer_size = send_size + MAX_TRAILER_SIZE; kmsg = ipc_kmsg_alloc(msg_and_trailer_size); @@ -583,6 +591,7 @@ mach_msg_overwrite_trap( mach_port_name_t notify = args->notify; mach_vm_address_t rcv_msg_addr = args->rcv_msg; mach_msg_size_t scatter_list_size = 0; /* NOT INITIALIZED - but not used in pactice */ + mach_port_seqno_t temp_seqno = 0; register mach_msg_header_t *hdr; mach_msg_return_t mr = MACH_MSG_SUCCESS; @@ -1489,7 +1498,6 @@ mach_msg_overwrite_trap( slow_copyin: { - mach_port_seqno_t temp_seqno = 0; register mach_port_name_t reply_name = (mach_port_name_t)hdr->msgh_local_port; @@ -1582,7 +1590,6 @@ mach_msg_overwrite_trap( { register ipc_port_t reply_port; - mach_port_seqno_t local_seqno; spl_t s; /* @@ -1659,7 +1666,7 @@ mach_msg_overwrite_trap( * no threads blocked waiting to send. */ dest_port = reply_port; - local_seqno = rcv_mqueue->imq_seqno++; + temp_seqno = rcv_mqueue->imq_seqno++; imq_unlock(rcv_mqueue); splx(s); @@ -1671,7 +1678,7 @@ mach_msg_overwrite_trap( ip_check_unlock(reply_port); if (option & MACH_RCV_TRAILER_MASK) { - trailer->msgh_seqno = local_seqno; + trailer->msgh_seqno = temp_seqno; trailer->msgh_trailer_size = REQUESTED_TRAILER_SIZE(option); } /* copy out the kernel reply */ @@ -1756,6 +1763,7 @@ mach_msg_overwrite_trap( /* LP64support - have to compute real size as it would be received */ reply_size = ipc_kmsg_copyout_size(kmsg, current_map()) + REQUESTED_TRAILER_SIZE(option); + temp_seqno = trailer->msgh_seqno; if (rcv_size < reply_size) { if (msg_receive_error(kmsg, msg_addr, option, temp_seqno, space) == MACH_RCV_INVALID_DATA) {
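Review bot: The new upper bound in mach_msg_send, `if (send_size > MACH_MSG_SIZE_MAX - MAX_TRAILER_SIZE)`, carries no comment saying that it exists to keep `send_size + MAX_TRAILER_SIZE` on the following line from wrapping before the sum is handed to ipc_kmsg_alloc. I would put `/* keep send_size + MAX_TRAILER_SIZE from wrapping */` above the check, so that a later cleanup does not move it below the addition or drop it as redundant with the too-small test. The rest of mach_msg_send, including how the ipc_kmsg_alloc result is handled, lies outside the hunk. If mach_msg_overwrite_trap computes its own allocation size from a caller-supplied send size, it presumably needs the same bound; none of the hunks shown here adds one there, so that is worth confirming.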
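Review bot: In the last hunk (-1756), the added `temp_seqno = trailer->msgh_seqno;` dereferences `trailer` immediately before the `rcv_size < reply_size` test, and nothing in the visible lines shows that `trailer` has been assigned on every path that reaches this point; mach_msg_overwrite_trap is long and reaches this code through several labels, so that should be confirmed against the full function. Separately, the hunks at -583, -1489, -1582, -1659 and -1671 fold the block-local `local_seqno` into the now function-wide `temp_seqno`, so one variable holds both the sequence number taken from `rcv_mqueue->imq_seqno++` and the one later passed to msg_receive_error. A comment at the new declaration, for example `/* seqno of the message being received; assigned on each path before use */`, would record that invariant. The `= 0` initialiser then reads as a fallback value rather than a meaningful sequence number, which is worth stating too. The function body begins and ends outside all of these hunks.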