| commit | 7b3c618ad0cd0154993b5b5dbd34e0010960585a | |
| author | Daniel P. Berrange <berrange@redhat.com> | |
| Mon, 21 Dec 2015 11:58:51 +0000 (21 11:58 +0000) | ||
| committer | Daniel P. Berrange <berrange@redhat.com> | |
| Wed, 23 Dec 2015 10:53:03 +0000 (23 10:53 +0000) | ||
| tree | b6889811b57451057c2cceb1d3a94e969c7230b2 | treesnapshot (tar.gz zip) |
| parent | bead59946a8b54398f4ba3c9c8ecd15eeac78c53 | commitdiff |
io: fix stack allocation when sending of file descriptors
When sending file descriptors over a socket, we have to
allocate a data buffer to hold the FDs in the scmsghdr.
Unfortunately we allocated the buffer on the stack inside
an if () {} block, but called sendmsg() outside the block.
So the stack bytes holding the FDs were liable to be
overwritten with other data. By luck this was not a problem
when sending 1 FD, but if sending 2 or more then it would
fail.
The fix is to simply move the variables outside the nested
'if' block. To keep valgrind quiet we also zero-initialize
the 'control' buffer.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
When sending file descriptors over a socket, we have to
allocate a data buffer to hold the FDs in the scmsghdr.
Unfortunately we allocated the buffer on the stack inside
an if () {} block, but called sendmsg() outside the block.
So the stack bytes holding the FDs were liable to be
overwritten with other data. By luck this was not a problem
when sending 1 FD, but if sending 2 or more then it would
fail.
The fix is to simply move the variables outside the nested
'if' block. To keep valgrind quiet we also zero-initialize
the 'control' buffer.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
| io/channel-socket.c | diffblobblamehistory | |
| tests/test-io-channel-socket.c | diffblobblamehistory |