IPv4: Truncate raw socket reads past buffer length

In addition to being the proper POSIX etiquette, it seems like a bad idea for issues like the one seen in #3428 to result in a kernel crash. This patch replaces the current behavior of failing on insufficient buffer size to truncating SOCK_RAW messages to the buffer size. This will have to change if/when MSG_PEEK is implemented, but for now this behavior is more compliant and logical than just bailing.
Author: https://github.com/a-bainbridge Commit: https://github.com/SerenityOS/serenity/commit/06218a40742 Pull-request: https://github.com/SerenityOS/serenity/pull/3448 Issue: https://github.com/SerenityOS/serenity/issues/3428
2020-09-09 22:12:50 -06:00 · 2020-09-09 22:12:50 -06:00 · 06218a4074 · 2024-07-19 02:47:44 +09:00
commit 06218a4074
parent 61060c0da8
1 changed files with 3 additions and 3 deletions
--- a/Kernel/Net/IPv4Socket.cpp
+++ b/Kernel/Net/IPv4Socket.cpp
@ -338,9 +338,9 @@ KResultOr<size_t> IPv4Socket::receive_packet_buffered(FileDescription& descripti
    }

    if (type() == SOCK_RAW) {
-        ASSERT(buffer_length >= ipv4_packet.payload_size());
-        memcpy(buffer, ipv4_packet.payload(), ipv4_packet.payload_size());
-        return ipv4_packet.payload_size();
+        size_t bytes_written = min((size_t) ipv4_packet.payload_size(), buffer_length);
+        memcpy(buffer, ipv4_packet.payload(), bytes_written);
+        return bytes_written;
    }

    return protocol_receive(packet.data.value(), buffer, buffer_length, flags);