From 536333f5835e152dcd8de77061bcaffedd2fcfd2 Mon Sep 17 00:00:00 2001
From: bluhm
Date: Sun, 4 Sep 2022 09:04:27 +0000
Subject: [PATCH] Use pru_send function to check socket splicing compatibility. Only checking socket type is not sufficient as it could splice together unix and inet sockets resulting in crashes. As splicing is about sending, the same send function looks like a good criteria.
Reported-by: syzbot+fc6901d63d858d5dd00a@syzkaller.appspotmail.com
Reported-by: syzbot+0e026f1bf8b259c6395e@syzkaller.appspotmail.com
OK gnezdo@
---
 sys/kern/uipc_socket.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index d2b75a3d67f..52a3fda1358 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_socket.c,v 1.287 2022/09/03 13:29:33 mvs Exp $ */
+/* $OpenBSD: uipc_socket.c,v 1.288 2022/09/04 09:04:27 bluhm Exp $ */
 /* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
 /*
@@ -1293,7 +1293,8 @@ sosplice(struct socket *so, int fd, off_t max, struct timeval *tv)
 if ((error = getsock(curproc, fd, &fp)) != 0)
 return (error);
 sosp = fp->f_data;
- if (sosp->so_proto->pr_type != so->so_proto->pr_type) {
+ if (sosp->so_proto->pr_usrreqs->pru_send !=
+ so->so_proto->pr_usrreqs->pru_send) {
 error = EPROTONOSUPPORT;
 goto frele;
 }
--
2.20.1
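Review bot: The rewritten condition in sosplice() no longer compares `pr_type` at all, so compatibility rests solely on both sockets pointing at the same `pru_send`; any two protocols of different socket type that happen to share a send routine would now be accepted. Whether such a pair exists depends on the protocol tables and on earlier checks in sosplice(), neither of which is visible in this hunk. Keeping the old test next to the new one is cheap and removes the dependency: `if (sosp->so_proto->pr_type != so->so_proto->pr_type || sosp->so_proto->pr_usrreqs->pru_send != so->so_proto->pr_usrreqs->pru_send) {`. A one-line comment above it, such as `/* splicing is about sending: both sockets must use the same send function */`, would record why pointer identity is the criterion. The function body starts before and continues after the hunk.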