From abdff887483f1d9487bffa0278dd6f7a40e59a74 Mon Sep 17 00:00:00 2001
From: Dean Deng
Date: Tue, 26 Jan 2021 09:47:24 -0800
Subject: Do not send SCM Rights more than once when message is truncated.

If data is sent over a stream socket that will not fit all at once, it will be sent over multiple packets. SCM Rights should only be sent with the first packet (see net/unix/af_unix.c:unix_stream_sendmsg in Linux).

Reported-by: syzbot+aa26482e9c4887aff259@syzkaller.appspotmail.com
PiperOrigin-RevId: 353886442
---
 pkg/sentry/socket/unix/unix.go | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'pkg/sentry/socket/unix/unix.go')

diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index 6c4ec55b2..32e5d2304 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -496,6 +496,9 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
 return int(n), syserr.FromError(err)
 }
 
+ // Only send SCM Rights once (see net/unix/af_unix.c:unix_stream_sendmsg).
+ w.Control.Rights = nil
+
 // We'll have to block. Register for notification and keep trying to
 // send all the data.
 e, ch := waiter.NewChannelEntry(nil)
--
cgit v1.2.3
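Review bot: `w.Control.Rights = nil` runs on every pass into the blocking path, without checking that the first send attempt actually queued any bytes. If that attempt can come back as would-block with `n == 0` (not visible in this hunk, so worth confirming), the descriptors would be dropped instead of sent once, and the peer would receive the payload with no rights attached. The same would apply to any non-stream socket type that reaches this path. Consider guarding the reset, `if n > 0 { w.Control.Rights = nil }`, or clearing the rights at the point where they are attached to a packet. The commit touches only unix.go, so a regression test that sends SCM_RIGHTS with a payload larger than the socket buffer and asserts the receiver gets exactly one set of descriptors would pin the syzbot case; SendMsg begins before and continues past this hunk.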