2 files changed, 16 insertions, 0 deletions

diff --git a/pkg/sentry/syscalls/linux/sys_socket.go b/pkg/sentry/syscalls/linux/sys_socket.go
index 686392cc8..c6adfe06b 100644
--- a/pkg/sentry/syscalls/linux/sys_socket.go
+++ b/pkg/sentry/syscalls/linux/sys_socket.go
@@ -657,6 +657,10 @@ func RecvMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
 		return 0, nil, syserror.EINVAL
 	}
 
+	if vlen > linux.UIO_MAXIOV {
+		vlen = linux.UIO_MAXIOV
+	}
+
 	// Reject flags that we don't handle yet.
 	if flags & ^(baseRecvFlags|linux.MSG_CMSG_CLOEXEC|linux.MSG_ERRQUEUE) != 0 {
 		return 0, nil, syserror.EINVAL
@@ -938,6 +942,10 @@ func SendMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
 		return 0, nil, syserror.EINVAL
 	}
 
+	if vlen > linux.UIO_MAXIOV {
+		vlen = linux.UIO_MAXIOV
+	}
+
 	// Get socket from the file descriptor.
 	file := t.GetFile(fd)
 	if file == nil {
diff --git a/pkg/sentry/syscalls/linux/vfs2/socket.go b/pkg/sentry/syscalls/linux/vfs2/socket.go
index 7636ca453..346fd1cea 100644
--- a/pkg/sentry/syscalls/linux/vfs2/socket.go
+++ b/pkg/sentry/syscalls/linux/vfs2/socket.go
@@ -660,6 +660,10 @@ func RecvMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
 		return 0, nil, syserror.EINVAL
 	}
 
+	if vlen > linux.UIO_MAXIOV {
+		vlen = linux.UIO_MAXIOV
+	}
+
 	// Reject flags that we don't handle yet.
 	if flags & ^(baseRecvFlags|linux.MSG_CMSG_CLOEXEC|linux.MSG_ERRQUEUE) != 0 {
 		return 0, nil, syserror.EINVAL
@@ -941,6 +945,10 @@ func SendMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
 		return 0, nil, syserror.EINVAL
 	}
 
+	if vlen > linux.UIO_MAXIOV {
+		vlen = linux.UIO_MAXIOV
+	}
+
 	// Get socket from the file descriptor.
 	file := t.GetFileVFS2(fd)
 	if file == nil {