Message-ID: <05a7bdabe45f473c8d1a25d2cd20c1f5@huawei.com>
Date: Tue, 12 Jan 2021 07:58:26 +0000
From: "zhuyan (M)" <zhuyan34@...wei.com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
CC: Zengweilin <zengweilin@...wei.com>, "liucheng (G)"
<liucheng32@...wei.com>, "chenzefeng (A)" <chenzefeng2@...wei.com>
Subject: [PATCH] fix segfault in recvmsg when msg argument is NULL
When msg is NULL, accessing msg->msg_controllen dereferences a null pointer in recvmsg.
The commit ae388becb529428ac926da102f1d025b3c3968da introduces this problem.
Signed-off-by: Qing Wu <wuqing30@...wei.com>
Signed-off-by: Yan Zhu <zhuyan34@...wei.com>
---
src/network/recvmsg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/network/recvmsg.c b/src/network/recvmsg.c index 03641625..c36ffb8d 100644
--- a/src/network/recvmsg.c
+++ b/src/network/recvmsg.c
@@ -4,6 +4,7 @@
#include <sys/time.h>
#include <string.h>
#include "syscall.h"
+#include <errno.h>
hidden void __convert_scm_timestamps(struct msghdr *, socklen_t);
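Review bot: the added #include <errno.h> is placed after the project-local "syscall.h", apart from the other system headers (<sys/time.h>, <string.h>). Move it up next to the angle-bracket includes so the system and local header groups stay separate.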
@@ -49,6 +50,8 @@ void __convert_scm_timestamps(struct msghdr *msg, socklen_t csize)
ssize_t recvmsg(int fd, struct msghdr *msg, int flags) {
+ if (!msg) return -EINVAL;
+
ssize_t r;
socklen_t orig_controllen = msg->msg_controllen; #if LONG_MAX > INT_MAX
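Review bot: the new early return in recvmsg() hands back -EINVAL as the function result, but this is the public ssize_t recvmsg() entry point, whose failure convention is a return of -1 with errno set. A caller that tests for r == -1 or reads errno will not see this error as written. Suggest "errno = EINVAL; return -1;" in place of "return -EINVAL;", and a sentence in the commit message on why EINVAL was chosen for a NULL msg.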
--
2.12.3