Re: Linux recvfrom() broken (was: DNS problems)

Olaf Titz (olaf@bigred.inka.de)
Wed, 19 Aug 1998 12:13:11 +0200


> Linux 2.0 returns the number of bytes removed from the queue not the
> number copied. It doesn't overrun the buffer.

From 2.1.115 net/ipv4/udp.c udp_recvmsg():

        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;

        copied = skb->len - sizeof(struct udphdr);
        if (copied > len)
        {
                copied = len;
                msg->msg_flags |= MSG_TRUNC;
        }
        /*...*/
        err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov,
                                      copied);
        if (err)
                goto out_free;
        /*...*/
        if (sk->ip_cmsg_flags)
                ip_cmsg_recv(msg, skb);
        err = copied;

  out_free:
        skb_free_datagram(sk, skb);
  out:
        return err;

As I read this, the amount copied is limited to the size of the user
buffer (of course), and the number returned _is_ the amount copied.
As I needed it for another purpose, I've just compared this routine
with the one in 2.0.35 line by line and the only change was the
MSG_TRUNC setting, which 2.0.35 doesn't have.

How can the above code possibly return a value greater than "len"?

olaf
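
Added example, not part of the original message or of the kernel source: a user-space check of the two properties read off udp_recvmsg() above, that the value returned for an undersized buffer does not exceed the buffer length and that MSG_TRUNC marks the datagram that did not fit. The helper name recv_checked, the UDP loopback setup and the 300/128-byte sizes are assumptions made for illustration.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical helper: send send_len bytes over UDP loopback and receive them
 * into a buf_len-byte buffer (both capped at 512). Returns recvmsg()'s result,
 * -1 on error; *truncated is set to 1 when the kernel reports MSG_TRUNC. */
ssize_t recv_checked(size_t send_len, size_t buf_len, int *truncated)
{
    char out[512], in[512];
    struct sockaddr_in addr = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t alen = sizeof(addr);
    struct timeval tv = { 2, 0 };       /* receive timeout: never hang */
    struct iovec iov = { .iov_base = in, .iov_len = buf_len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    ssize_t n = -1;
    int rx, tx;

    *truncated = 0;
    if (send_len > sizeof(out) || buf_len > sizeof(in)) return -1;
    rx = socket(AF_INET, SOCK_DGRAM, 0);
    tx = socket(AF_INET, SOCK_DGRAM, 0);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (rx < 0 || tx < 0 ||
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0 ||
        bind(rx, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(rx, (struct sockaddr *)&addr, &alen) < 0)
        goto done;
    memset(out, 'A', send_len);         /* constructed payload */
    if (sendto(tx, out, send_len, 0, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        goto done;
    n = recvmsg(rx, &msg, 0);           /* flags == 0, as a plain recvfrom() */
    if (n >= 0 && (msg.msg_flags & MSG_TRUNC))
        *truncated = 1;
done:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return n;
}

int main(void)
{
    int t;
    ssize_t n = recv_checked(300, 128, &t);
    printf("sent 300, buffer 128: returned %zd, MSG_TRUNC=%d\n", n, t);
    return (n == 128 && t) ? 0 : 1;
}
```

recvfrom() has no way to report msg_flags, so a receiver that must notice truncated datagrams (a DNS client, for instance) needs recvmsg() as used here.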
