加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
CVE-2022-0669.patch 1.49 KB
一键复制 编辑 原始数据 按行查看 历史
shirely 提交于 2022-06-10 17:31 . fix CVE-2021-3839 CVE-2022-0669
From 6cb68162e4b598b7c0747372fa3fcec9cddd19b8 Mon Sep 17 00:00:00 2001
From: David Marchand <david.marchand@redhat.com>
Date: Tue, 18 Jan 2022 15:53:30 +0100
Subject: vhost: fix FD leak with inflight messages
[ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ]
Even if unlikely, a buggy vhost-user master might attach fds to inflight
messages. Add checks like for other types of vhost-user messages.
Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
Signed-off-by: David Marchand <david.marchand@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/vhost/vhost_user.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/vhost/vhost_user.c b/lib/vhost/vhost_user.c
index d4b0ec7358..9a266b5d42 100644
--- a/lib/vhost/vhost_user.c
+++ b/lib/vhost/vhost_user.c
@@ -1600,6 +1600,9 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev,
int numa_node = SOCKET_ID_ANY;
void *addr;
+ if (validate_msg_fds(msg, 0) != 0)
+ return RTE_VHOST_MSG_RESULT_ERR;
+
if (msg->size != sizeof(msg->payload.inflight)) {
VHOST_LOG_CONFIG(ERR,
"invalid get_inflight_fd message size is %d\n",
@@ -1701,6 +1704,9 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg,
int fd, i;
int numa_node = SOCKET_ID_ANY;
+ if (validate_msg_fds(msg, 1) != 0)
+ return RTE_VHOST_MSG_RESULT_ERR;
+
fd = msg->fds[0];
if (msg->size != sizeof(msg->payload.inflight) || fd < 0) {
VHOST_LOG_CONFIG(ERR,
--
cgit v1.2.1
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化