diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-01-09 00:44:47 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-01-09 00:44:47 +0000 |
commit | 60e1acb57749992e48192a1fa8ba586d171a17f1 (patch) | |
tree | 13cb2a9a4239e59eb872efc87ec53ba69ac14b85 /pkg/sentry/socket | |
parent | 517c5134025acdc1ff7277627c000bf2cd7e3a11 (diff) | |
parent | b3ae8a62cfdf13821d35467d4150ed983ac556f1 (diff) |
Merge release-20191213.0-80-gb3ae8a6 (automated)
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r-- | pkg/sentry/socket/control/control.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pkg/sentry/socket/control/control.go b/pkg/sentry/socket/control/control.go index af1a4e95f..4301b697c 100644 --- a/pkg/sentry/socket/control/control.go +++ b/pkg/sentry/socket/control/control.go @@ -471,6 +471,9 @@ func Parse(t *kernel.Task, socketOrEndpoint interface{}, buf []byte) (socket.Con case linux.SOL_IP: switch h.Type { case linux.IP_TOS: + if length < linux.SizeOfControlMessageTOS { + return socket.ControlMessages{}, syserror.EINVAL + } cmsgs.IP.HasTOS = true binary.Unmarshal(buf[i:i+linux.SizeOfControlMessageTOS], usermem.ByteOrder, &cmsgs.IP.TOS) i += AlignUp(length, width) @@ -481,6 +484,9 @@ func Parse(t *kernel.Task, socketOrEndpoint interface{}, buf []byte) (socket.Con case linux.SOL_IPV6: switch h.Type { case linux.IPV6_TCLASS: + if length < linux.SizeOfControlMessageTClass { + return socket.ControlMessages{}, syserror.EINVAL + } cmsgs.IP.HasTClass = true binary.Unmarshal(buf[i:i+linux.SizeOfControlMessageTClass], usermem.ByteOrder, &cmsgs.IP.TClass) i += AlignUp(length, width) |