Diffstat (limited to 'pkg/sentry/socket/netstack/netstack_vfs2.go')
-rw-r--r-- | pkg/sentry/socket/netstack/netstack_vfs2.go | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/pkg/sentry/socket/netstack/netstack_vfs2.go b/pkg/sentry/socket/netstack/netstack_vfs2.go
index 3335e7430..1db8ae491 100644
--- a/pkg/sentry/socket/netstack/netstack_vfs2.go
+++ b/pkg/sentry/socket/netstack/netstack_vfs2.go
@@ -239,6 +239,9 @@ func (s *SocketVFS2) GetSockOpt(t *kernel.Task, level, name int, outPtr usermem.
 if outLen < linux.SizeOfIPTGetinfo {
 return nil, syserr.ErrInvalidArgument
 }
+ if s.family != linux.AF_INET {
+ return nil, syserr.ErrInvalidArgument
+ }
 stack := inet.StackFromContext(t)
 if stack == nil {
@@ -254,12 +257,15 @@ func (s *SocketVFS2) GetSockOpt(t *kernel.Task, level, name int, outPtr usermem.
 if outLen < linux.SizeOfIPTGetEntries {
 return nil, syserr.ErrInvalidArgument
 }
+ if s.family != linux.AF_INET {
+ return nil, syserr.ErrInvalidArgument
+ }
 stack := inet.StackFromContext(t)
 if stack == nil {
 return nil, syserr.ErrNoDevice
 }
- entries, err := netfilter.GetEntries(t, stack.(*Stack).Stack, outPtr, outLen)
+ entries, err := netfilter.GetEntries4(t, stack.(*Stack).Stack, outPtr, outLen)
 if err != nil {
 return nil, err
 }
@@ -298,12 +304,15 @@ func (s *SocketVFS2) SetSockOpt(t *kernel.Task, level int, name int, optVal []by
 return nil
 }
- if s.skType == linux.SOCK_RAW && level == linux.IPPROTO_IP {
+ if s.skType == linux.SOCK_RAW && level == linux.SOL_IP {
 switch name {
 case linux.IPT_SO_SET_REPLACE:
 if len(optVal) < linux.SizeOfIPTReplace {
 return syserr.ErrInvalidArgument
 }
+ if s.family != linux.AF_INET {
+ return syserr.ErrInvalidArgument
+ }
 stack := inet.StackFromContext(t)
 if stack == nil {
|
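Review bot: The `s.family != linux.AF_INET` guard is added without a comment and is repeated verbatim in three cases (IPT_SO_GET_INFO in this hunk, IPT_SO_GET_ENTRIES and IPT_SO_SET_REPLACE in the two hunks that follow), so the reason for the rejection is left for the reader to infer. A one-line comment above each guard would do, for example `// IPv4 iptables options are only valid on AF_INET sockets.` It is also worth confirming the errno: as far as I recall, Linux answers SOL_IP options on an AF_INET6 socket with ENOPROTOOPT rather than EINVAL, so `syserr.ErrProtocolNotAvailable` may be the closer match if guest-visible compatibility matters here. GetSockOpt starts and ends outside the hunk.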
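Review bot: The changed `netfilter.GetEntries4` call still uses the unchecked assertion `stack.(*Stack).Stack`, and the nil test above it covers only a missing stack, not a stack of another concrete type. This path is driven by a guest getsockopt, so a failed assertion would panic the sentry instead of returning an error. Whether another inet.Stack implementation can reach a netstack socket is not visible in this hunk, but the comma-ok form costs nothing: `st, ok := stack.(*Stack)` followed by `if !ok { return nil, syserr.ErrNoDevice }`, then pass `st.Stack`. The same assertion likely appears in the IPT_SO_GET_INFO and IPT_SO_SET_REPLACE cases, whose bodies continue outside the hunks.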