Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <05a7bdabe45f473c8d1a25d2cd20c1f5@huawei.com>
Date: Tue, 12 Jan 2021 07:58:26 +0000
From: "zhuyan (M)" <zhuyan34@...wei.com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
CC: Zengweilin <zengweilin@...wei.com>, "liucheng (G)"
	<liucheng32@...wei.com>, "chenzefeng (A)" <chenzefeng2@...wei.com>
Subject: [PATCH] fix segfault in recvmsg when msg argument is NULL


When msg is NULL, msg->msg_controllen exists to dereference a null pointer in recvmsg.

The commit ae388becb529428ac926da102f1d025b3c3968da introduces this problem

Signed-off-by: Qing Wu <wuqing30@...wei.com>
Signed-off-by: Yan Zhu <zhuyan34@...wei.com>
---
 src/network/recvmsg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/network/recvmsg.c b/src/network/recvmsg.c index 03641625..c36ffb8d 100644
--- a/src/network/recvmsg.c
+++ b/src/network/recvmsg.c
@@ -4,6 +4,7 @@
 #include <sys/time.h>
 #include <string.h>
 #include "syscall.h"
+#include <errno.h>
 
 hidden void __convert_scm_timestamps(struct msghdr *, socklen_t);
 
@@ -49,6 +50,8 @@ void __convert_scm_timestamps(struct msghdr *msg, socklen_t csize)
 
 ssize_t recvmsg(int fd, struct msghdr *msg, int flags)  {
+	if (!msg) return -EINVAL;
+
 	ssize_t r;
 	socklen_t orig_controllen = msg->msg_controllen;  #if LONG_MAX > INT_MAX
--
2.12.3

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.