This patch adds a check to ensure the read size of the Vhost-user message header is not smaller than the expected size. Fixes: 8f972312b8f4 ("vhost: support vhost-user") Cc: stable@dpdk.org Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> --- lib/librte_vhost/vhost_user.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index 69b84a8820..0b7d1e288e 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -2440,8 +2440,12 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg) ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE, msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num); - if (ret <= 0) + if (ret <= 0) { return ret; + } else if (ret != VHOST_USER_HDR_SIZE) { + VHOST_LOG_CONFIG(ERR, "Unexpected header size read\n"); + return -1; + } if (msg->size) { if (msg->size > sizeof(msg->payload)) { -- 2.21.0
On Thu, Jan 16, 2020 at 11:44:44AM +0100, Maxime Coquelin wrote: > This patch adds a check to ensure the read size of > the Vhost-user message header is not smaller than > the expected size. > > Fixes: 8f972312b8f4 ("vhost: support vhost-user") > Cc: stable@dpdk.org > > Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> > Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> > --- > lib/librte_vhost/vhost_user.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c > index 69b84a8820..0b7d1e288e 100644 > --- a/lib/librte_vhost/vhost_user.c > +++ b/lib/librte_vhost/vhost_user.c > @@ -2440,8 +2440,12 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg) > > ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE, > msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num); > - if (ret <= 0) > + if (ret <= 0) { > return ret; > + } else if (ret != VHOST_USER_HDR_SIZE) { > + VHOST_LOG_CONFIG(ERR, "Unexpected header size read\n"); > + return -1; It's better to close the potential fds in msg->fds[] e.g. by calling close_msg_fds(msg). Regards, Tiwei > + } > > if (msg->size) { > if (msg->size > sizeof(msg->payload)) { > -- > 2.21.0 >
On 1/17/20 8:54 AM, Tiwei Bie wrote: > On Thu, Jan 16, 2020 at 11:44:44AM +0100, Maxime Coquelin wrote: >> This patch adds a check to ensure the read size of >> the Vhost-user message header is not smaller than >> the expected size. >> >> Fixes: 8f972312b8f4 ("vhost: support vhost-user") >> Cc: stable@dpdk.org >> >> Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> >> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com> >> --- >> lib/librte_vhost/vhost_user.c | 6 +++++- >> 1 file changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c >> index 69b84a8820..0b7d1e288e 100644 >> --- a/lib/librte_vhost/vhost_user.c >> +++ b/lib/librte_vhost/vhost_user.c >> @@ -2440,8 +2440,12 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg) >> >> ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE, >> msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num); >> - if (ret <= 0) >> + if (ret <= 0) { >> return ret; >> + } else if (ret != VHOST_USER_HDR_SIZE) { >> + VHOST_LOG_CONFIG(ERR, "Unexpected header size read\n"); >> + return -1; > > It's better to close the potential fds in msg->fds[] > e.g. by calling close_msg_fds(msg). Correct, adding it in v2. Thanks, Maxime > Regards, > Tiwei > >> + } >> >> if (msg->size) { >> if (msg->size > sizeof(msg->payload)) { >> -- >> 2.21.0 >> >