Message-ID: <05a7bdabe45f473c8d1a25d2cd20c1f5@huawei.com> Date: Tue, 12 Jan 2021 07:58:26 +0000 From: "zhuyan (M)" <zhuyan34@...wei.com> To: "musl@...ts.openwall.com" <musl@...ts.openwall.com> CC: Zengweilin <zengweilin@...wei.com>, "liucheng (G)" <liucheng32@...wei.com>, "chenzefeng (A)" <chenzefeng2@...wei.com> Subject: [PATCH] fix segfault in recvmsg when msg argument is NULL When msg is NULL, msg->msg_controllen exists to dereference a null pointer in recvmsg. The commit ae388becb529428ac926da102f1d025b3c3968da introduces this problem Signed-off-by: Qing Wu <wuqing30@...wei.com> Signed-off-by: Yan Zhu <zhuyan34@...wei.com> --- src/network/recvmsg.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/network/recvmsg.c b/src/network/recvmsg.c index 03641625..c36ffb8d 100644 --- a/src/network/recvmsg.c +++ b/src/network/recvmsg.c @@ -4,6 +4,7 @@ #include <sys/time.h> #include <string.h> #include "syscall.h" +#include <errno.h> hidden void __convert_scm_timestamps(struct msghdr *, socklen_t); @@ -49,6 +50,8 @@ void __convert_scm_timestamps(struct msghdr *msg, socklen_t csize) ssize_t recvmsg(int fd, struct msghdr *msg, int flags) { + if (!msg) return -EINVAL; + ssize_t r; socklen_t orig_controllen = msg->msg_controllen; #if LONG_MAX > INT_MAX -- 2.12.3
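Review bot: The new `#include <errno.h>` in the first hunk is placed after the quoted `#include "syscall.h"`, apart from the other angle-bracket headers. Moving it up next to `<sys/time.h>` and `<string.h>` would keep the system includes grouped ahead of the internal header.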
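Review bot: The early return added at the top of recvmsg() in the second hunk hands the caller `-EINVAL` as the return value and never sets errno. This is the public function returning ssize_t, where failure is reported as -1 with errno set, so a caller testing for `-1` would not see this as an error. Suggest `errno = EINVAL; return -1;` instead. The check also sits ahead of the `ssize_t r;` declaration; placing it after the declarations (before `msg->msg_controllen` is read, so `orig_controllen` would need its initialisation moved below the check) keeps the block's declarations together. The commit message could also say why EINVAL was chosen, since an invalid pointer argument is more commonly reported as EFAULT.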