#include <sys/un.h>
#include "fdpass.h"
+#include "macros.h"
/*----- Main code ---------------------------------------------------------*/
struct cmsghdr *cmsg;
#endif
- iov.iov_base = (/*unconst*/ void *)p;
+ iov.iov_base = UNCONST(void, p);
iov.iov_len = sz;
msg.msg_name = 0;
msg.msg_namelen = 0;
* otherwise it will. At most one descriptor will be collected.
*/
+/* Qemu 2.8.1 clobbers 12 bytes beyond the end of the control-message
+ * buffer. This is fixed in 2.12, but I'll bodge it for the sake of Debian
+ * stable.
+ */
+#define QEMU_SCRATCHSZ 16
+
ssize_t fdpass_recv(int sock, int *fd, void *p, size_t sz)
{
struct iovec iov;
struct msghdr msg;
ssize_t rc;
#ifndef HAVE_MSG_ACCRIGHTS
- char buf[CMSG_SPACE(sizeof(fd))];
+ char buf[CMSG_SPACE(sizeof(fd)) + QEMU_SCRATCHSZ];
struct cmsghdr *cmsg;
int fdtmp;
#endif
#else
msg.msg_flags = 0;
msg.msg_control = buf;
- msg.msg_controllen = sizeof(buf);
+ msg.msg_controllen = sizeof(buf) - QEMU_SCRATCHSZ;
#endif
if ((rc = recvmsg(sock, &msg, 0)) < 0)
return (rc);
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_RIGHTS &&
- cmsg->cmsg_len >= CMSG_LEN(sizeof(fd))) {
+ cmsg->cmsg_len >= CMSG_LEN(sizeof(*fd))) {
memcpy(&fdtmp, CMSG_DATA(cmsg), sizeof(fdtmp));
if (*fd == -1)
*fd = fdtmp;
return (rc);
}
+#undef QEMU_SCRATCHSZ
+
/*----- That's all, folks -------------------------------------------------*/
~mdw / mLib / blobdiff