rte_virtio: check payload size in vhost_user_read

Make sure the recv() can't write beyond the end of the msg buffer.

Change-Id: Ibc4bb51ac3a1c2a027a458d59356b7a5496eca7e
Signed-off-by: Daniel Verkamp <daniel.verkamp@intel.com>
Reviewed-on: https://review.gerrithub.io/383646
Tested-by: SPDK Automated Test System <sys_sgsw@intel.com>
Reviewed-by: Dariusz Stojaczyk <dariuszx.stojaczyk@intel.com>
This commit is contained in:
Daniel Verkamp 2017-10-24 12:27:03 -07:00
parent 22077b210b
commit d822c2055e

@ -131,6 +131,13 @@ vhost_user_read(int fd, struct vhost_user_msg *msg)
}
sz_payload = msg->size;
if (sizeof(*msg) - sz_hdr < sz_payload) {
SPDK_WARNLOG("Received oversized msg: payload size %zu > available space %zu\n",
sz_payload, sizeof(*msg) - sz_hdr);
goto fail;
}
if (sz_payload) {
ret = recv(fd, (void *)((char *)msg + sz_hdr), sz_payload, 0);
if ((size_t)ret != sz_payload) {
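
Review bot: at the new `goto fail` under `if (sizeof(*msg) - sz_hdr < sz_payload)`, the rejected payload bytes are still queued on the socket, so the `fail` path (not visible in this hunk) needs to make the caller stop using `fd`; otherwise the next `vhost_user_read()` would parse leftover payload bytes as a message header. The bound itself is an unsigned subtraction and only holds while `sz_hdr <= sizeof(*msg)`; a compile-time assertion on that relationship next to the definition of `sz_hdr` would keep the check from silently wrapping if the struct layout changes. A one-line comment that `msg->size` comes from the peer and is untrusted would also document why the check exists.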