The following reply was made to PR bin/38396; it has been noted by GNATS.
From: Martin Husemann <martin@xxxxxxxxxxx>
Subject: Re: bin/38396: sshd does not work
Date: Sun, 13 Apr 2008 16:11:49 +0200
On Sun, Apr 13, 2008 at 01:55:01PM +0000, Andrew Doran wrote:
> Naively we
> could do this, but I haven't read enough of the surrounding code yet to know
> if its safe.
> 1021 /* Sanity check the control message header. */
> 1022 if (cm->cmsg_type != SCM_RIGHTS || cm->cmsg_level != SOL_SOCKET
> 1023 cm->cmsg_len > control->m_len)
> 1024 return (EINVAL);
Note that OpenBSD did that, but just changed it again to only allow the exact
and the padded length.
I tend to leave the kernel alone and backout that change from sshd instead.