fix corrupt sysvipc timestamps on 32-bit archs with old kernels

kernel commit 4693916846269d633a3664586650dbfac2c5562f (first included in release v4.14) silently fixed a bug whereby the reserved space (which was later used for high bits of time) in IPC_STAT structures was left untouched rather than zeroed. this means that a caller that wants to read the high bits needs to pre-zero the memory. since it's not clear that these operations are permitted to modify the destination buffer on failure, use a temp buffer and copy back to the caller's buffer on success.

fix corrupt sysvipc timestamps on 32-bit archs with old kernels
kernel commit 4693916846269d633a3664586650dbfac2c5562f (first included in release v4.14) silently fixed a bug whereby the reserved space (which was later used for high bits of time) in IPC_STAT structures was left untouched rather than zeroed. this means that a caller that wants to read the high bits needs to pre-zero the memory. since it's not clear that these operations are permitted to modify the destination buffer on failure, use a temp buffer and copy back to the caller's buffer on success.
2b2c8aaf · Rich Felker · 5db475f0 · 2b2c8aaf · 2b2c8aaf · 2b2c8aaf
隐藏空白更改
内联并排

Showing with 30 addition and 0 deletion

src/ipc/msgctl.c src/ipc/msgctl.c +10 -0

src/ipc/semctl.c src/ipc/semctl.c +10 -0

src/ipc/shmctl.c src/ipc/shmctl.c +10 -0

未找到文件。
--- a/src/ipc/msgctl.c
+++ b/src/ipc/msgctl.c
@@ -9,6 +9,14 @@

 int msgctl(int q, int cmd, struct msqid_ds *buf)
 {
+#if IPC_TIME64
+	struct msqid_ds out, *orig;
+	if (cmd&IPC_TIME64) {
+		out = (struct msqid_ds){0};
+		orig = buf;
+		buf = &out;
+	}
+#endif
 #ifdef SYSCALL_IPC_BROKEN_MODE
 	struct msqid_ds tmp;
 	if (cmd == IPC_SET) {
@@ -32,6 +40,8 @@ int msgctl(int q, int cmd, struct msqid_ds *buf)
 #endif
 #if IPC_TIME64
 	if (r >= 0 && (cmd&IPC_TIME64)) {
+		buf = orig;
+		*buf = out;
 		IPC_HILO(buf, msg_stime);
 		IPC_HILO(buf, msg_rtime);
 		IPC_HILO(buf, msg_ctime);

--- a/src/ipc/semctl.c
+++ b/src/ipc/semctl.c
@@ -28,6 +28,14 @@ int semctl(int id, int num, int cmd, ...)
 		arg = va_arg(ap, union semun);
 		va_end(ap);
 	}
+#if IPC_TIME64
+	struct semid_ds out, *orig;
+	if (cmd&IPC_TIME64) {
+		out = (struct semid_ds){0};
+		orig = arg.buf;
+		arg.buf = &out;
+	}
+#endif
 #ifdef SYSCALL_IPC_BROKEN_MODE
 	struct semid_ds tmp;
 	if (cmd == IPC_SET) {
@@ -51,6 +59,8 @@ int semctl(int id, int num, int cmd, ...)
 #endif
 #if IPC_TIME64
 	if (r >= 0 && (cmd&IPC_TIME64)) {
+		arg.buf = orig;
+		*arg.buf = out;
 		IPC_HILO(arg.buf, sem_otime);
 		IPC_HILO(arg.buf, sem_ctime);
 	}

--- a/src/ipc/shmctl.c
+++ b/src/ipc/shmctl.c
@@ -9,6 +9,14 @@

 int shmctl(int id, int cmd, struct shmid_ds *buf)
 {
+#if IPC_TIME64
+	struct shmid_ds out, *orig;
+	if (cmd&IPC_TIME64) {
+		out = (struct shmid_ds){0};
+		orig = buf;
+		buf = &out;
+	}
+#endif
 #ifdef SYSCALL_IPC_BROKEN_MODE
 	struct shmid_ds tmp;
 	if (cmd == IPC_SET) {
@@ -32,6 +40,8 @@ int shmctl(int id, int cmd, struct shmid_ds *buf)
 #endif
 #if IPC_TIME64
 	if (r >= 0 && (cmd&IPC_TIME64)) {
+		buf = orig;
+		*buf = out;
 		IPC_HILO(buf, shm_atime);
 		IPC_HILO(buf, shm_dtime);
 		IPC_HILO(buf, shm_ctime);