设置复杂的 mach 消息头
Setup complex mach message header
我正在尝试设置一个 mach 消息以使用 mach IPC 发送越界的字符串。但是,我在尝试发送越界消息时收到 (ipc/send) invalid msg-header 错误。
消息结构如下。
struct ool_msg
{
mach_msg_header_t header;
mach_msg_body_t body;
mach_msg_ool_descriptor_t data;
mach_msg_type_number_t count;
};
我正在这样设置页眉。下面的变量msg是一个struct ool_msg.
hdr = &(msg.header);
hdr->msgh_bits = MACH_MSGH_BITS_LOCAL(MACH_MSG_TYPE_COPY_SEND);
hdr->msgh_bits |= MACH_MSGH_BITS_COMPLEX;
hdr->msgh_size = sizeof(msg);
hdr->msgh_local_port = MACH_PORT_NULL;
hdr->msgh_remote_port = port;
这就是我设置 Mach 消息其余部分的方式。
msg.body.msgh_descriptor_count = 1;
msg.data.address = string;
msg.data.size = strlen(string) + 1;
msg.data.deallocate = FALSE;
msg.data.copy = MACH_MSG_VIRTUAL_COPY;
msg.data.type = MACH_MSG_OOL_DESCRIPTOR;
msg.count = msg.data.size;
那么如何正确设置 OOL Mach IPC 的消息头?
编辑
这是一个重现我的问题的程序。
#include <stdio.h>
#include <mach/mach.h>
static char *string = "123456789";
struct ool_msg
{
mach_msg_header_t header;
mach_msg_body_t body;
mach_msg_ool_descriptor_t data;
mach_msg_type_number_t count;
};
int main(void)
{
kern_return_t err;
struct ool_msg msg;
mach_msg_header_t *hdr;
mach_port_t port = MACH_PORT_NULL;
err = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &port);
if(err != KERN_SUCCESS)
{
mach_error("Can't allocate mach port\n", err);
return (-1);
}
err = mach_port_insert_right(mach_task_self(), port, port,
MACH_MSG_TYPE_MAKE_SEND);
if(err != KERN_SUCCESS)
{
mach_error("Can't insert port right\n", err);
return (-1);
}
hdr = &(msg.header);
hdr->msgh_bits = MACH_MSGH_BITS_LOCAL(MACH_MSG_TYPE_COPY_SEND);
hdr->msgh_bits |= MACH_MSGH_BITS_COMPLEX;
hdr->msgh_size = sizeof(msg);
hdr->msgh_local_port = MACH_PORT_NULL;
hdr->msgh_remote_port = port;
msg.body.msgh_descriptor_count = 1;
msg.data.address = string;
msg.data.size = strlen(string) + 1;
msg.data.deallocate = FALSE;
msg.data.copy = MACH_MSG_VIRTUAL_COPY;
msg.data.type = MACH_MSG_OOL_DESCRIPTOR;
msg.count = msg.data.size;
err = mach_msg(hdr,
MACH_SEND_MSG,
hdr->msgh_size,
0,
MACH_PORT_NULL,
MACH_MSG_TIMEOUT_NONE,
MACH_PORT_NULL);
if(err != KERN_SUCCESS)
{
mach_error("Can't send mach msg\n", err);
return (-1);
}
return (0);
}
作为the docs状态:
MACH_MSGH_BITS_REMOTE and MACH_MSGH_BITS_LOCAL macros return the
appropriate mach_msg_type_name_t values, given a msgh_bits value. The
MACH_MSGH_BITS macro constructs a value for msgh_bits, given two
mach_msg_type_name_t values.
因此在设置mach_msg_header_t.msgh_bits时需要使用MACH_MSGH_BITS宏而不是MACH_MSGH_BITS_LOCAL宏。否则,您会将其设置为 mach_msg_type_name_t 而不是您想要的 msgh_bits。
澄清一下,您需要类似下面的代码来获取您的 msgh_bits:
hdr->msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, MACH_MSG_TYPE_MAKE_SEND)
我正在尝试设置一个 mach 消息以使用 mach IPC 发送越界的字符串。但是,我在尝试发送越界消息时收到 (ipc/send) invalid msg-header 错误。
消息结构如下。
struct ool_msg
{
mach_msg_header_t header;
mach_msg_body_t body;
mach_msg_ool_descriptor_t data;
mach_msg_type_number_t count;
};
我正在这样设置页眉。下面的变量msg是一个struct ool_msg.
hdr = &(msg.header);
hdr->msgh_bits = MACH_MSGH_BITS_LOCAL(MACH_MSG_TYPE_COPY_SEND);
hdr->msgh_bits |= MACH_MSGH_BITS_COMPLEX;
hdr->msgh_size = sizeof(msg);
hdr->msgh_local_port = MACH_PORT_NULL;
hdr->msgh_remote_port = port;
这就是我设置 Mach 消息其余部分的方式。
msg.body.msgh_descriptor_count = 1;
msg.data.address = string;
msg.data.size = strlen(string) + 1;
msg.data.deallocate = FALSE;
msg.data.copy = MACH_MSG_VIRTUAL_COPY;
msg.data.type = MACH_MSG_OOL_DESCRIPTOR;
msg.count = msg.data.size;
那么如何正确设置 OOL Mach IPC 的消息头?
编辑
这是一个重现我的问题的程序。
#include <stdio.h>
#include <mach/mach.h>
static char *string = "123456789";
struct ool_msg
{
mach_msg_header_t header;
mach_msg_body_t body;
mach_msg_ool_descriptor_t data;
mach_msg_type_number_t count;
};
int main(void)
{
kern_return_t err;
struct ool_msg msg;
mach_msg_header_t *hdr;
mach_port_t port = MACH_PORT_NULL;
err = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &port);
if(err != KERN_SUCCESS)
{
mach_error("Can't allocate mach port\n", err);
return (-1);
}
err = mach_port_insert_right(mach_task_self(), port, port,
MACH_MSG_TYPE_MAKE_SEND);
if(err != KERN_SUCCESS)
{
mach_error("Can't insert port right\n", err);
return (-1);
}
hdr = &(msg.header);
hdr->msgh_bits = MACH_MSGH_BITS_LOCAL(MACH_MSG_TYPE_COPY_SEND);
hdr->msgh_bits |= MACH_MSGH_BITS_COMPLEX;
hdr->msgh_size = sizeof(msg);
hdr->msgh_local_port = MACH_PORT_NULL;
hdr->msgh_remote_port = port;
msg.body.msgh_descriptor_count = 1;
msg.data.address = string;
msg.data.size = strlen(string) + 1;
msg.data.deallocate = FALSE;
msg.data.copy = MACH_MSG_VIRTUAL_COPY;
msg.data.type = MACH_MSG_OOL_DESCRIPTOR;
msg.count = msg.data.size;
err = mach_msg(hdr,
MACH_SEND_MSG,
hdr->msgh_size,
0,
MACH_PORT_NULL,
MACH_MSG_TIMEOUT_NONE,
MACH_PORT_NULL);
if(err != KERN_SUCCESS)
{
mach_error("Can't send mach msg\n", err);
return (-1);
}
return (0);
}
作为the docs状态:
MACH_MSGH_BITS_REMOTEandMACH_MSGH_BITS_LOCALmacros return the appropriatemach_msg_type_name_tvalues, given amsgh_bitsvalue. TheMACH_MSGH_BITSmacro constructs a value formsgh_bits, given twomach_msg_type_name_tvalues.
因此在设置mach_msg_header_t.msgh_bits时需要使用MACH_MSGH_BITS宏而不是MACH_MSGH_BITS_LOCAL宏。否则,您会将其设置为 mach_msg_type_name_t 而不是您想要的 msgh_bits。
澄清一下,您需要类似下面的代码来获取您的 msgh_bits:
hdr->msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, MACH_MSG_TYPE_MAKE_SEND)