summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorDean Deng <deandeng@google.com>2021-01-26 09:47:24 -0800
committergVisor bot <gvisor-bot@google.com>2021-01-26 09:49:31 -0800
commitabdff887483f1d9487bffa0278dd6f7a40e59a74 (patch)
tree94c35cfbf9487a5c9888fad352b971e09715b61e /pkg/sentry
parentdaf0d3f6ca3aad6f3f9ab4d762546c6dee78fa57 (diff)
Do not send SCM Rights more than once when message is truncated.
If data is sent over a stream socket that will not fit all at once, it will be sent over multiple packets. SCM Rights should only be sent with the first packet (see net/unix/af_unix.c:unix_stream_sendmsg in Linux). Reported-by: syzbot+aa26482e9c4887aff259@syzkaller.appspotmail.com PiperOrigin-RevId: 353886442
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/socket/unix/unix.go3
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index 6c4ec55b2..32e5d2304 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -496,6 +496,9 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
return int(n), syserr.FromError(err)
}
+ // Only send SCM Rights once (see net/unix/af_unix.c:unix_stream_sendmsg).
+ w.Control.Rights = nil
+
// We'll have to block. Register for notification and keep trying to
// send all the data.
e, ch := waiter.NewChannelEntry(nil)