From 3ff24b4f2c6d5a7a872a744150bbfca795afdbfc Mon Sep 17 00:00:00 2001
From: Michael Pratt
Date: Fri, 28 Sep 2018 11:02:11 -0700
Subject: Require AF_UNIX sockets from the gofer

host.endpoint already has the check, but it is missing from host.ConnectedEndpoint.

PiperOrigin-RevId: 214962762
Change-Id: I88bb13a5c5871775e4e7bf2608433df8a3d348e6
---
 pkg/sentry/fs/gofer/socket.go | 3 +++
 pkg/sentry/fs/host/socket.go | 22 +++++++++++++++++-----
 2 files changed, 20 insertions(+), 5 deletions(-)
(limited to 'pkg/sentry/fs')

diff --git a/pkg/sentry/fs/gofer/socket.go b/pkg/sentry/fs/gofer/socket.go
index 8628b9c69..0190bc006 100644
--- a/pkg/sentry/fs/gofer/socket.go
+++ b/pkg/sentry/fs/gofer/socket.go
@@ -15,6 +15,7 @@
 package gofer

 import (
+ "gvisor.googlesource.com/gvisor/pkg/log"
 "gvisor.googlesource.com/gvisor/pkg/p9"
 "gvisor.googlesource.com/gvisor/pkg/sentry/fs"
 "gvisor.googlesource.com/gvisor/pkg/sentry/fs/host"
@@ -101,6 +102,7 @@ func (e *endpoint) BidirectionalConnect(ce unix.ConnectingEndpoint, returnConnec
 c, terr := host.NewConnectedEndpoint(hostFile, ce.WaiterQueue(), e.path)
 if terr != nil {
 ce.Unlock()
+ log.Warningf("Gofer returned invalid host socket for BidirectionalConnect; file %+v flags %+v: %v", e.file, cf, terr)
 return terr
 }

@@ -120,6 +122,7 @@ func (e *endpoint) UnidirectionalConnect() (unix.ConnectedEndpoint, *tcpip.Error

 c, terr := host.NewConnectedEndpoint(hostFile, &waiter.Queue{}, e.path)
 if terr != nil {
+ log.Warningf("Gofer returned invalid host socket for UnidirectionalConnect; file %+v: %v", e.file, terr)
 return nil, terr
 }
 c.Init()
diff --git a/pkg/sentry/fs/host/socket.go b/pkg/sentry/fs/host/socket.go
index 4ace71c3e..e11772946 100644
--- a/pkg/sentry/fs/host/socket.go
+++ b/pkg/sentry/fs/host/socket.go
@@ -35,6 +35,8 @@ import (

 // endpoint encapsulates the state needed to represent a host Unix socket.
 //
+// TODO: Remove/merge with ConnectedEndpoint.
+//
 // +stateify savable
 type endpoint struct {
 queue waiter.Queue `state:"zerovalue"`
@@ -288,13 +290,23 @@ func recvMsg(fd int, data [][]byte, numRights uintptr, peek bool, addr *tcpip.Fu
 return rl, ml, control.New(nil, nil, newSCMRights(fds)), nil
 }

-// NewConnectedEndpoint creates a new ConnectedEndpoint backed by
-// a host FD that will pretend to be bound at a given sentry path.
+// NewConnectedEndpoint creates a new ConnectedEndpoint backed by a host FD
+// that will pretend to be bound at a given sentry path.
 //
-// The caller is responsible for calling Init(). Additionaly, Release needs
-// to be called twice because host.ConnectedEndpoint is both a
-// unix.Receiver and unix.ConnectedEndpoint.
+// The caller is responsible for calling Init(). Additionaly, Release needs to
+// be called twice because host.ConnectedEndpoint is both a unix.Receiver and
+// unix.ConnectedEndpoint.
 func NewConnectedEndpoint(file *fd.FD, queue *waiter.Queue, path string) (*ConnectedEndpoint, *tcpip.Error) {
+ family, err := syscall.GetsockoptInt(file.FD(), syscall.SOL_SOCKET, syscall.SO_DOMAIN)
+ if err != nil {
+ return nil, translateError(err)
+ }
+
+ if family != syscall.AF_UNIX {
+ // We only allow Unix sockets.
+ return nil, tcpip.ErrInvalidEndpointState
+ }
+
 e := &ConnectedEndpoint{path: path, queue: queue, file: file}

 // AtomicRefCounters start off with a single reference. We need two.
-- cgit v1.2.3
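Review bot: The two early returns added at the top of NewConnectedEndpoint fire before the endpoint takes `file`, and nothing in the hunk closes the descriptor or says who owns it after a failure. The callers touched in gofer/socket.go (BidirectionalConnect and UnidirectionalConnect) log and return on `terr != nil` without a visible `hostFile.Close()`, so a descriptor that failed the AF_UNIX check may stay open in the sentry until something else reclaims it; whether fd.FD closes itself on finalization is not visible here. I would add a sentence to the doc comment such as `// On error the caller retains ownership of file and must close it.` and call `hostFile.Close()` in both error branches, or have NewConnectedEndpoint close `file` itself and document that instead. The check also covers only SO_DOMAIN; if the socket type requested from the gofer should be enforced as well, a matching SO_TYPE check belongs next to it, though the rest of the function lies outside the hunk and may already do this.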