From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 892E3A051A for ; Fri, 17 Jan 2020 08:55:05 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 68F261D15F; Fri, 17 Jan 2020 08:55:05 +0100 (CET) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 63EEE1D15F; Fri, 17 Jan 2020 08:55:04 +0100 (CET) X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Jan 2020 23:54:38 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,329,1574150400"; d="scan'208";a="274289321" Received: from dpdk-virtio-tbie-2.sh.intel.com (HELO ___) ([10.67.104.74]) by FMSMGA003.fm.intel.com with ESMTP; 16 Jan 2020 23:54:37 -0800 Date: Fri, 17 Jan 2020 15:54:34 +0800 From: Tiwei Bie To: Maxime Coquelin Cc: dev@dpdk.org, zhihong.wang@intel.com, stable@dpdk.org, Ilja Van Sprundel Message-ID: <20200117075433.GA218008@___> References: <20200116104444.3862-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200116104444.3862-1-maxime.coquelin@redhat.com> User-Agent: Mutt/1.9.4 (2018-02-28) Subject: Re: [dpdk-stable] [PATCH] vhost: check vhost message header size read X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" On Thu, Jan 16, 2020 at 11:44:44AM +0100, Maxime Coquelin wrote: > This patch adds a check to ensure the read size of > the Vhost-user message header is not smaller than > the expected size. > > Fixes: 8f972312b8f4 ("vhost: support vhost-user") > Cc: stable@dpdk.org > > Reported-by: Ilja Van Sprundel > Signed-off-by: Maxime Coquelin > --- > lib/librte_vhost/vhost_user.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c > index 69b84a8820..0b7d1e288e 100644 > --- a/lib/librte_vhost/vhost_user.c > +++ b/lib/librte_vhost/vhost_user.c > @@ -2440,8 +2440,12 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg) > > ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE, > msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num); > - if (ret <= 0) > + if (ret <= 0) { > return ret; > + } else if (ret != VHOST_USER_HDR_SIZE) { > + VHOST_LOG_CONFIG(ERR, "Unexpected header size read\n"); > + return -1; It's better to close the potential fds in msg->fds[] e.g. by calling close_msg_fds(msg). Regards, Tiwei > + } > > if (msg->size) { > if (msg->size > sizeof(msg->payload)) { > -- > 2.21.0 >