This patch adds a check to ensure the read size of
the Vhost-user message header is not smaller than
the expected size.
In case of unexpected read size, report an error
and close file descriptors passed with the message,
if any.
Fixes: 8f972312b8f4 ("vhost: support vhost-user")
Cc: sta...@dpdk.org
Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>
---
v2: close message FDs on error (Tiwei)
lib/librte_vhost/vhost_user.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 9f14ea6676..91482ccd67 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -2456,8 +2456,13 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg)
ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE,
msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num);
- if (ret <= 0)
+ if (ret <= 0) {
return ret;
+ } else if (ret != VHOST_USER_HDR_SIZE) {
+ VHOST_LOG_CONFIG(ERR, "Unexpected header size read\n");
+ close_msg_fds(msg);
+ return -1;
+ }
if (msg->size) {
if (msg->size > sizeof(msg->payload)) {
--
2.24.1
