# HG changeset patch # User David Watson # Date 1314222596 -3600 # Node ID d1fe52ec2578d2329f48f46d88fbbd2de209dc51 # Parent b07b0b7517da032fc2237fdab08c923465ae37e3 Restore check for msg->msg_controllen < 0 in cmsg_min_space(). diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -1749,7 +1749,8 @@ cmsg_min_space(struct msghdr *msg, struc static const size_t cmsg_len_end = (offsetof(struct cmsghdr, cmsg_len) + sizeof(cmsgh->cmsg_len)); - if (cmsgh == NULL || msg->msg_control == NULL) + /* Note that POSIX allows msg_controllen to be of signed type. */ + if (cmsgh == NULL || msg->msg_control == NULL || msg->msg_controllen < 0) return 0; if (space < cmsg_len_end) space = cmsg_len_end;