[PATCH] vhost/vsock: check length in rx header

From: Bobby Eshleman
Date: Wed Jan 04 2023 - 15:08:48 EST


Check that the rx packet length indicated by the header does not exceed
the iov length.

Fixes: b68396fad17f ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
Reported-by: syzbot+30b72abaa17c07fe39dd@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Bobby Eshleman <bobby.eshleman@xxxxxxxxxxxxx>
---
drivers/vhost/vsock.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c
index 982ca479c659..84dec9ac62c1 100644
--- a/drivers/vhost/vsock.c
+++ b/drivers/vhost/vsock.c
@@ -365,8 +365,9 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq,
if (!payload_len)
return skb;

- /* The pkt is too big */
- if (payload_len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE) {
+ /* The pkt is too big or the length in the header is invalid */
+ if (payload_len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE ||
+ payload_len > len) {
kfree_skb(skb);
return NULL;
}
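Review bot: In the added condition `payload_len > len`, the hunk does not show whether `len` counts only the payload bytes or the whole iov including the vsock header. If `len` is the total iov length, a header-declared `payload_len` that is within one header size of `len` passes this check while still exceeding the bytes left after the header. In that case the comparison should be against the remaining length, for example by adding the header size to `payload_len` before comparing with `len`. Either way, the new comment would be clearer if it said which length `len` is, since "the length in the header is invalid" does not tell the reader what it is validated against.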
--
2.20.1