truss: Make control message header parsing more robust
print_cmsg() was assuming that the control message chain is well-formed, but that isn't necessarily the case for sendmsg(2). In particular, if cmsg_len is zero, print_cmsg() will loop forever. Check for truncated headers and try to recover if possible. Reviewed by: tuexen MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35476
parent
a14465e1b9
commit
4b0c6fa0dc
@ -1480,6 +1480,16 @@ print_cmsgs(FILE *fp, pid_t pid, bool receive, struct msghdr *msghdr)
|
||||
for (cmsghdr = CMSG_FIRSTHDR(msghdr);
|
||||
cmsghdr != NULL;
|
||||
cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr)) {
|
||||
if (cmsghdr->cmsg_len < sizeof(*cmsghdr)) {
|
||||
fprintf(fp, "{<invalid cmsg, len=%u>}",
|
||||
cmsghdr->cmsg_len);
|
||||
if (cmsghdr->cmsg_len == 0) {
|
||||
/* Avoid looping forever. */
|
||||
break;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
level = cmsghdr->cmsg_level;
|
||||
type = cmsghdr->cmsg_type;
|
||||
len = cmsghdr->cmsg_len;
|
||||
|
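Review bot: The new guard at the top of the loop rejects a `cmsg_len` shorter than the header, but nothing in this hunk bounds a `cmsg_len` that is larger than what remains of the control buffer before `len = cmsghdr->cmsg_len` is taken. The value comes from the traced process's sendmsg(2) arguments, and CMSG_NXTHDR only decides whether a following header fits, so if the code after the hunk walks the payload by `len` it may read past the copied control data. An upper-bound check beside the new one would cover that case, for example `if (cmsghdr->cmsg_len > (size_t)((char *)msghdr->msg_control + msghdr->msg_controllen - (char *)cmsghdr))`, printing the same `<invalid cmsg>` marker and breaking. The loop body continues outside the hunk, so the decoders below may already clamp `len`; that should be confirmed before adding the check.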