[glibc] linux: Check for null value msghdr struct before use

public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed

* [glibc] linux: Check for null value msghdr struct before use
@ 2021-07-05 18:11 Adhemerval Zanella
  0 siblings, 0 replies; only message in thread
From: Adhemerval Zanella @ 2021-07-05 18:11 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c8935581de4ff931bc32fb03da5d87f0ee2378a1

commit c8935581de4ff931bc32fb03da5d87f0ee2378a1
Author: Khem Raj <raj.khem@gmail.com>
Date:   Fri Jul 2 13:28:10 2021 -0700

    linux: Check for null value msghdr struct before use
    
    This avoids crashes in libc when cmsg is null and refrencing msg
    structure when it is null
    
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

Diff:
---
 sysdeps/unix/sysv/linux/convert_scm_timestamps.c | 2 ++
 sysdeps/unix/sysv/linux/recvmsg.c                | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
index d75a4618dd..5af71847f5 100644
--- a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
+++ b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
@@ -87,6 +87,8 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
 
   msg->msg_controllen += CMSG_SPACE (sizeof tvts);
   cmsg = CMSG_NXTHDR(msg, last);
+  if (cmsg == NULL)
+    return;
   cmsg->cmsg_level = SOL_SOCKET;
   cmsg->cmsg_type = type;
   cmsg->cmsg_len = CMSG_LEN (sizeof tvts);
diff --git a/sysdeps/unix/sysv/linux/recvmsg.c b/sysdeps/unix/sysv/linux/recvmsg.c
index a2a600228b..57c3cf7e36 100644
--- a/sysdeps/unix/sysv/linux/recvmsg.c
+++ b/sysdeps/unix/sysv/linux/recvmsg.c
@@ -25,7 +25,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 {
   ssize_t r;
 #ifndef __ASSUME_TIME64_SYSCALLS
-  socklen_t orig_controllen = msg->msg_controllen;
+  socklen_t orig_controllen = msg != NULL ? msg->msg_controllen : 0;
 #endif
 
 #ifdef __ASSUME_RECVMSG_SYSCALL
@@ -35,7 +35,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 #endif
 
 #ifndef __ASSUME_TIME64_SYSCALLS
-  if (r >= 0)
+  if (r >= 0 && orig_controllen != 0)
     __convert_scm_timestamps (msg, orig_controllen);
 #endif


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-07-05 18:11 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-05 18:11 [glibc] linux: Check for null value msghdr struct before use Adhemerval Zanella

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).