linux: Check for null value msghdr struct before use

This avoids crashes in libc when cmsg is null and refrencing msg structure when it is null Signed-off-by: Khem Raj <raj.khem@gmail.com> Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
2024-12-15 04:20:28 +08:00 · 2021-07-02 13:28:10 -07:00 · 2021-07-02 13:28:10 -07:00 · c8935581de
commit c8935581de
parent 91fb0f17a5
2 changed files with 4 additions and 2 deletions
--- a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
+++ b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
@ -87,6 +87,8 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)

  msg->msg_controllen += CMSG_SPACE (sizeof tvts);
  cmsg = CMSG_NXTHDR(msg, last);
+  if (cmsg == NULL)
+    return;
  cmsg->cmsg_level = SOL_SOCKET;
  cmsg->cmsg_type = type;
  cmsg->cmsg_len = CMSG_LEN (sizeof tvts);
--- a/sysdeps/unix/sysv/linux/recvmsg.c
+++ b/sysdeps/unix/sysv/linux/recvmsg.c
@ -25,7 +25,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 {
  ssize_t r;
 #ifndef __ASSUME_TIME64_SYSCALLS
-  socklen_t orig_controllen = msg->msg_controllen;
+  socklen_t orig_controllen = msg != NULL ? msg->msg_controllen : 0;
 #endif

 #ifdef __ASSUME_RECVMSG_SYSCALL
@ -35,7 +35,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 #endif

 #ifndef __ASSUME_TIME64_SYSCALLS
-  if (r >= 0)
+  if (r >= 0 && orig_controllen != 0)
    __convert_scm_timestamps (msg, orig_controllen);
 #endif