IPC msgctl MSG_STAT broken, fix proposal attached

Clemens Huebner (clemens.huebner@att.net)
Mon, 31 May 1999 00:36:46 -0700


Hi,

i just joined the list, so i don't know whether someone else already
fixed this:

The message queue changes in 2.3.3 breaks the MSG_STAT function of the
msgctl ipc
userland function (segmentation fault due to buffer flow).

There are two possibilities to fix this:
1) change all userland programs to use the new msqid_ds structure. That
would be a major
hassle and have no real advantages
2) change the kernel to put out the structure with the old offsets.
Since the changed
fields are not copied out anyways, there is no drawback (except for
increasing
kernel source sice.

Clemens

Here's the patch:
diff -ur linux/include/linux/msg.h linux.new/include/linux/msg.h
--- linux/include/linux/msg.h Sat May 15 16:34:43 1999
+++ linux.new/include/linux/msg.h Sat May 29 21:03:42 1999
@@ -27,6 +27,25 @@
__kernel_ipc_pid_t msg_lspid; /* pid of last msgsnd */
__kernel_ipc_pid_t msg_lrpid; /* last receive pid */
};
+/* to keep compatibility with ipc msgctl syscall, keep old msqid_ds
+ struct */
+struct msqid_u_ds
+{
+ struct ipc_perm msg_perm;
+ struct msg *__msg_first;
+ struct msg *__msg_last;
+ __kernel_time_t msg_stime;
+ __kernel_time_t msg_rtime;
+ __kernel_time_t msg_ctime;
+ void *__wwait; /* not transmitted to userland */
+ void *__rwait; /* not transmitted to userland */
+ unsigned short int msg_cbytes;
+ unsigned short int msg_qnum;
+ unsigned short int msg_qbytes;
+ __kernel_ipc_pid_t msg_lspid;
+ __kernel_ipc_pid_t msg_lrpid;
+};
+

/* message buffer for msgsnd and msgrcv calls */
struct msgbuf {
@@ -73,7 +92,7 @@
asmlinkage int sys_msgsnd (int msqid, struct msgbuf *msgp, size_t
msgsz, int ms
gflg);
asmlinkage int sys_msgrcv (int msqid, struct msgbuf *msgp, size_t
msgsz, long m
sgtyp,
int msgflg);
-asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_ds *buf);
+asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_u_ds *buf);

#endif /* __KERNEL__ */

diff -ur linux/ipc/msg.c linux.new/ipc/msg.c
--- linux/ipc/msg.c Sat May 29 16:50:49 1999
+++ linux.new/ipc/msg.c Sat May 29 19:41:39 1999
@@ -352,11 +352,11 @@
kfree(msq);
}

-asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_ds *buf)
+asmlinkage int sys_msgctl (int msqid, int cmd, struct msqid_u_ds *buf)
{
int id, err = -EINVAL;
struct msqid_ds *msq;
- struct msqid_ds tbuf;
+ struct msqid_u_ds tbuf;
struct ipc_perm *ipcp;

printk("msgctl: %d %d %p\n",msqid,cmd,buf);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/