copyinmsg: Check that we have not overflown

This if of course too late in case of a failure, but better assert than get awful bugs, and it's really not supposed to happen.
author: Samuel Thibault <samuel.thibault@ens-lyon.org> 2023-10-01 17:35:01 +0200
committer: Samuel Thibault <samuel.thibault@ens-lyon.org> 2023-10-01 19:33:20 +0200
commit: b63dea5ca946c3956637a7bf85a1002866b20cd6 (patch)
tree: 682eb89c30f95c85a4a2b158fcdfa867c2fa56c8 /ipc
parent: 126c0364bf7d72d4f2ecf1ad2f4ebe1d2667940d (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/ipc/ipc_kmsg.c b/ipc/ipc_kmsg.c
index 105e54d4..33e4d57c 100644
--- a/ipc/ipc_kmsg.c
+++ b/ipc/ipc_kmsg.c
@@ -505,7 +505,7 @@ ipc_kmsg_get(
 		ikm_init(kmsg, ksize);
 	}
 
-	if (copyinmsg(msg, &kmsg->ikm_header, size)) {
+	if (copyinmsg(msg, &kmsg->ikm_header, size, kmsg->ikm_size)) {
 		ikm_free(kmsg);
 		return MACH_SEND_INVALID_DATA;
 	}
diff --git a/ipc/mach_msg.c b/ipc/mach_msg.c
index fb6e6dfc..118ce4b3 100644
--- a/ipc/mach_msg.c
+++ b/ipc/mach_msg.c
@@ -460,7 +460,7 @@ mach_msg_trap(
 			goto slow_get;
 
 		if (copyinmsg(msg, &kmsg->ikm_header,
-			      send_size)) {
+			      send_size, kmsg->ikm_size)) {
 			ikm_free(kmsg);
 			goto slow_get;
 		}
author	Samuel Thibault <samuel.thibault@ens-lyon.org>	2023-10-01 17:35:01 +0200
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2023-10-01 19:33:20 +0200
commit	b63dea5ca946c3956637a7bf85a1002866b20cd6 (patch)
tree	682eb89c30f95c85a4a2b158fcdfa867c2fa56c8 /ipc
parent	126c0364bf7d72d4f2ecf1ad2f4ebe1d2667940d (diff)