On Thu, 25 Mar 2021 08:31:09 +0100, Oliver Hartkopp wrote:
> On 24.03.21 23:19, Richard Weinberger wrote:
> >Oliver,
> >
> >----- Original Message -----
> >>@@ -808,10 +810,13 @@ static int raw_recvmsg(struct socket *sock, struct msghdr
> >>*msg, size_t size,
> >> int noblock;
> >>
> >> noblock = flags & MSG_DONTWAIT;
> >> flags &= ~MSG_DONTWAIT;
> >>
> >>+ if (msg->msg_name && msg->msg_namelen < RAW_MIN_NAMELEN)
> >>+ return -EINVAL;
> >>+
> >
> >Like with Kurt's patch, my test fails here too because msg->msg_namelen is 0.
> >->msg_namelen is always 0 in the recvfrom() case.
>
> Agreed!
>
> I just adopted that part and did no more testing yesterday (needed some
> sleep).
>
> E.g. 'candump any' also fails at CAN frame reception time due to this wrong
> check ;-)

I'd like to understand how this check is wrong.
msg->msg_namelen should contain the size of msg->msg_name, isn't it?
If that is less than RAW_MIN_NAMELEN, you can't store the address.

candump sets msg->msg_namelen to sizeof(), so it is not 0.

>
> Will send an update soon.

Looking forward
Kurt
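
Review bot: The added msg->msg_namelen < RAW_MIN_NAMELEN test in raw_recvmsg() returns -EINVAL whenever msg_name is set and msg_namelen is 0, and the thread reports exactly that value on the recvfrom() path and when 'candump any' receives a frame, so the check rejects ordinary receive calls. It treats msg_namelen as a caller-supplied buffer size at this point, which the reported test results contradict. Suggest dropping the check from the receive path, or validating only against a length that is known to come from the caller, and adding a comment that states what msg_namelen holds on entry to raw_recvmsg() so the bounds assumption is explicit. A regression test covering recvfrom() with a non-NULL address buffer would catch this before merge.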