patch-2.1.120 linux/include/linux/socket.h

• Lines: 34
• Date: Thu Aug 27 19:33:08 1998
• Orig file: v2.1.119/linux/include/linux/socket.h
• Orig date: Mon Aug 3 12:45:47 1998

diff -u --recursive --new-file v2.1.119/linux/include/linux/socket.h linux/include/linux/socket.h
@@ -88,20 +88,27 @@
 
 /*
  *	Get the next cmsg header
+ *
+ *	PLEASE, do not touch this function. If you think, that it is
+ *	incorrect, grep kernel sources and think about consequences
+ *	before trying to improve it.
+ *
+ *	Now it always returns valid, not truncated ancillary object
+ *	HEADER. But caller still MUST check, that cmsg->cmsg_len is
+ *	inside range, given by msg->msg_controllen before using
+ *	ansillary object DATA.				--ANK (980731)
  */
  
 __KINLINE struct cmsghdr * __cmsg_nxthdr(void *__ctl, __kernel_size_t __size,
 					       struct cmsghdr *__cmsg)
 {
-	unsigned char * __ptr;
+	struct cmsghdr * __ptr;
 
-	if (__cmsg->cmsg_len < sizeof(struct cmsghdr))
-		return NULL;
-	__ptr = ((unsigned char *) __cmsg) +  CMSG_ALIGN(__cmsg->cmsg_len);
-	if (__ptr >= (unsigned char *) __ctl + __size)
+	__ptr = (struct cmsghdr*)(((unsigned char *) __cmsg) +  CMSG_ALIGN(__cmsg->cmsg_len));
+	if ((unsigned long)((char*)(__ptr+1) - (char *) __ctl) > __size)
 		return NULL;
 
-	return (struct cmsghdr *) __ptr;
+	return __ptr;
 }
 
 __KINLINE struct cmsghdr * cmsg_nxthdr (struct msghdr *__msg, struct cmsghdr *__cmsg)