diff options
| author | swapnili <swapnil.ingle@nutanix.com> | 2020-12-01 17:40:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-01 17:40:54 +0100 |
| commit | a9cf39b0b32f89a50fda63bdafa2e61023916f3a (patch) | |
| tree | c502d32cff3451c44de35049a65e803947129259 /lib/tran_sock.c | |
| parent | 892de236f336f5cee84a864da2639e7c64998e98 (diff) | |
| download | libvfio-user-a9cf39b0b32f89a50fda63bdafa2e61023916f3a.zip libvfio-user-a9cf39b0b32f89a50fda63bdafa2e61023916f3a.tar.gz libvfio-user-a9cf39b0b32f89a50fda63bdafa2e61023916f3a.tar.bz2 | |
Check for truncated response in get_request_sock() (#142)
Signed-off-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
Diffstat (limited to 'lib/tran_sock.c')
| -rw-r--r-- | lib/tran_sock.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/tran_sock.c b/lib/tran_sock.c index 74e50f7..7649244 100644 --- a/lib/tran_sock.c +++ b/lib/tran_sock.c @@ -673,6 +673,10 @@ get_request_sock(vfu_ctx_t *vfu_ctx, struct vfio_user_header *hdr, return -errno; } + if (msg.msg_flags & MSG_CTRUNC || msg.msg_flags & MSG_TRUNC) { + return -EFAULT; + } + for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg)) { if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS) { continue; |