From a9cf39b0b32f89a50fda63bdafa2e61023916f3a Mon Sep 17 00:00:00 2001
From: swapnili <swapnil.ingle@nutanix.com>
Date: Tue, 1 Dec 2020 17:40:54 +0100
Subject: Check for truncated response in get_request_sock() (#142)

Signed-off-by: Swapnil Ingle <swapnil.ingle@nutanix.com>
Reviewed-by: John Levon <john.levon@nutanix.com>
---
 lib/tran_sock.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/tran_sock.c b/lib/tran_sock.c
index 74e50f7..7649244 100644
--- a/lib/tran_sock.c
+++ b/lib/tran_sock.c
@@ -673,6 +673,10 @@ get_request_sock(vfu_ctx_t *vfu_ctx, struct vfio_user_header *hdr,
         return -errno;
     }
 
+    if (msg.msg_flags & MSG_CTRUNC || msg.msg_flags & MSG_TRUNC) {
+        return -EFAULT;
+    }
+
     for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
         if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS) {
             continue;
-- 
cgit v1.1