On Thu, Jan 16, 2020 at 11:44:44AM +0100, Maxime Coquelin wrote:
> This patch adds a check to ensure the read size of
> the Vhost-user message header is not smaller than
> the expected size.
> 
> Fixes: 8f972312b8f4 ("vhost: support vhost-user")
> Cc: sta...@dpdk.org
> 
> Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com>
> Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
> ---
>  lib/librte_vhost/vhost_user.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index 69b84a8820..0b7d1e288e 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -2440,8 +2440,12 @@ read_vhost_message(int sockfd, struct VhostUserMsg 
> *msg)
>  
>       ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE,
>               msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num);
> -     if (ret <= 0)
> +     if (ret <= 0) {
>               return ret;
> +     } else if (ret != VHOST_USER_HDR_SIZE) {
> +             VHOST_LOG_CONFIG(ERR, "Unexpected header size read\n");
> +             return -1;

It's better to close the potential fds in msg->fds[]
e.g. by calling close_msg_fds(msg).

Regards,
Tiwei

> +     }
>  
>       if (msg->size) {
>               if (msg->size > sizeof(msg->payload)) {
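Review bot: In the new `else if (ret != VHOST_USER_HDR_SIZE)` branch, `return -1` runs after read_fd_message() has been given msg->fds and &msg->fd_num to fill, so any descriptors received alongside a short header are still open when the function returns. Release them on this path before returning, for example with close_msg_fds(msg) as suggested in the reply above, unless every caller is known to do so on a negative return. Two smaller points on the same branch: the log line "Unexpected header size read" would be more useful for triage if it printed `ret` next to VHOST_USER_HDR_SIZE, and since the `ret <= 0` arm already returns, the `else` is not needed and a plain second `if` reads more simply.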
> -- 
> 2.21.0
> 
