summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls/linux/vfs2
diff options
context:
space:
mode:
authorAndrei Vagin <avagin@google.com>2021-02-22 11:37:13 -0800
committergVisor bot <gvisor-bot@google.com>2021-02-22 11:51:30 -0800
commitc5a4e100085ccbd063df36706cccf93951439cb7 (patch)
treef97c68b9043fec0c37df46a94b8bf1e79fc22422 /pkg/sentry/syscalls/linux/vfs2
parent19fe3a2bfb72622c307311dc61019238896a756b (diff)
unix: sendmmsg and recvmsg have to cap a number of message to UIO_MAXIOV
Reported-by: syzbot+f2489ba0b999a45d1ad1@syzkaller.appspotmail.com PiperOrigin-RevId: 358866218
Diffstat (limited to 'pkg/sentry/syscalls/linux/vfs2')
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/socket.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/sentry/syscalls/linux/vfs2/socket.go b/pkg/sentry/syscalls/linux/vfs2/socket.go
index 7636ca453..346fd1cea 100644
--- a/pkg/sentry/syscalls/linux/vfs2/socket.go
+++ b/pkg/sentry/syscalls/linux/vfs2/socket.go
@@ -660,6 +660,10 @@ func RecvMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
return 0, nil, syserror.EINVAL
}
+ if vlen > linux.UIO_MAXIOV {
+ vlen = linux.UIO_MAXIOV
+ }
+
// Reject flags that we don't handle yet.
if flags & ^(baseRecvFlags|linux.MSG_CMSG_CLOEXEC|linux.MSG_ERRQUEUE) != 0 {
return 0, nil, syserror.EINVAL
@@ -941,6 +945,10 @@ func SendMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
return 0, nil, syserror.EINVAL
}
+ if vlen > linux.UIO_MAXIOV {
+ vlen = linux.UIO_MAXIOV
+ }
+
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {