From c8935581de4ff931bc32fb03da5d87f0ee2378a1 Mon Sep 17 00:00:00 2001
From: Khem Raj
Date: Fri, 2 Jul 2021 13:28:10 -0700
Subject: [PATCH] linux: Check for null value msghdr struct before use
This avoids crashes in libc when cmsg is null and refrencing msg structure when it is null
Signed-off-by: Khem Raj
Reviewed-by: Adhemerval Zanella
---
 sysdeps/unix/sysv/linux/convert_scm_timestamps.c | 2 ++
 sysdeps/unix/sysv/linux/recvmsg.c | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
index d75a4618dd..5af71847f5 100644
--- a/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
+++ b/sysdeps/unix/sysv/linux/convert_scm_timestamps.c
@@ -87,6 +87,8 @@ __convert_scm_timestamps (struct msghdr *msg, socklen_t msgsize)
 msg->msg_controllen += CMSG_SPACE (sizeof tvts);
 cmsg = CMSG_NXTHDR(msg, last);
+ if (cmsg == NULL)
+ return;
 cmsg->cmsg_level = SOL_SOCKET;
 cmsg->cmsg_type = type;
 cmsg->cmsg_len = CMSG_LEN (sizeof tvts);
diff --git a/sysdeps/unix/sysv/linux/recvmsg.c b/sysdeps/unix/sysv/linux/recvmsg.c
index a2a600228b..57c3cf7e36 100644
--- a/sysdeps/unix/sysv/linux/recvmsg.c
+++ b/sysdeps/unix/sysv/linux/recvmsg.c
@@ -25,7 +25,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 {
 ssize_t r;
 #ifndef __ASSUME_TIME64_SYSCALLS
- socklen_t orig_controllen = msg->msg_controllen;
+ socklen_t orig_controllen = msg != NULL ? msg->msg_controllen : 0;
 #endif
 #ifdef __ASSUME_RECVMSG_SYSCALL
@@ -35,7 +35,7 @@ __libc_recvmsg (int fd, struct msghdr *msg, int flags)
 #endif
 #ifndef __ASSUME_TIME64_SYSCALLS
- if (r >= 0)
+ if (r >= 0 && orig_controllen != 0)
 __convert_scm_timestamps (msg, orig_controllen);
 #endif
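Review bot: The early return added after `CMSG_NXTHDR` in `__convert_scm_timestamps` runs after `msg->msg_controllen += CMSG_SPACE (sizeof tvts);` two lines above it, so on the NULL path the caller gets back a control length that covers a header slot nothing was written to. An application that trusts `msg_controllen` would then treat whatever bytes were already in its buffer as ancillary data. The NULL branch should undo the increment first, `if (cmsg == NULL) { msg->msg_controllen -= CMSG_SPACE (sizeof tvts); return; }`, or the increment should move below the check. It may also be worth a comment on why `CMSG_NXTHDR` can fail here at all; presumably it inspects the not-yet-initialised slot, but that is not visible in this hunk. The function body starts and ends outside the hunk.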
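Review bot: In `__libc_recvmsg`, `orig_controllen` now carries two meanings, the caller's control-buffer size and, when 0, "msg was NULL", and the later hunk of this file (`if (r >= 0 && orig_controllen != 0)`) depends on that encoding without saying so. A comment above the declaration, for example `/* 0 also stands for msg == NULL; the timestamp conversion is skipped then. */`, would keep a later edit from reintroducing the dereference. The NULL pointer is still passed on to the syscall, presumably so the kernel reports the error, which deserves a word in the same comment. Since `__convert_scm_timestamps` dereferences `msg` unconditionally in the lines shown, any other caller outside this diff would need the same guard. The function body continues outside both hunks.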