Merge branch 'master' into iptables-write-input-drop

author: Kevin Krakauer <krakauer@google.com> 2020-01-13 12:22:15 -0800
committer: Kevin Krakauer <krakauer@google.com> 2020-01-13 12:22:15 -0800
commit: 31e49f4b19309259baeeb63e7b6ef41f8edd6d35 (patch)
tree: ad6cae1ad4f173946eb68156653bea84d7254f81 /pkg/sentry/socket/control
parent: d147e6d1b29d25607bcdcdb0beddb5122fea085e (diff)
parent: b30cfb1df72e201c6caf576bbef8fcc968df2d41 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/pkg/sentry/socket/control/control.go b/pkg/sentry/socket/control/control.go
index af1a4e95f..4301b697c 100644
--- a/pkg/sentry/socket/control/control.go
+++ b/pkg/sentry/socket/control/control.go
@@ -471,6 +471,9 @@ func Parse(t *kernel.Task, socketOrEndpoint interface{}, buf []byte) (socket.Con
 		case linux.SOL_IP:
 			switch h.Type {
 			case linux.IP_TOS:
+				if length < linux.SizeOfControlMessageTOS {
+					return socket.ControlMessages{}, syserror.EINVAL
+				}
 				cmsgs.IP.HasTOS = true
 				binary.Unmarshal(buf[i:i+linux.SizeOfControlMessageTOS], usermem.ByteOrder, &cmsgs.IP.TOS)
 				i += AlignUp(length, width)
@@ -481,6 +484,9 @@ func Parse(t *kernel.Task, socketOrEndpoint interface{}, buf []byte) (socket.Con
 		case linux.SOL_IPV6:
 			switch h.Type {
 			case linux.IPV6_TCLASS:
+				if length < linux.SizeOfControlMessageTClass {
+					return socket.ControlMessages{}, syserror.EINVAL
+				}
 				cmsgs.IP.HasTClass = true
 				binary.Unmarshal(buf[i:i+linux.SizeOfControlMessageTClass], usermem.ByteOrder, &cmsgs.IP.TClass)
 				i += AlignUp(length, width)
author	Kevin Krakauer <krakauer@google.com>	2020-01-13 12:22:15 -0800
committer	Kevin Krakauer <krakauer@google.com>	2020-01-13 12:22:15 -0800
commit	31e49f4b19309259baeeb63e7b6ef41f8edd6d35 (patch)
tree	ad6cae1ad4f173946eb68156653bea84d7254f81 /pkg/sentry/socket/control
parent	d147e6d1b29d25607bcdcdb0beddb5122fea085e (diff)
parent	b30cfb1df72e201c6caf576bbef8fcc968df2d41 (diff)