udev-ctrl: add missing size check of received message

author Mike Yuan <me@yhndnzj.com>

Mon, 2 Sep 2024 14:24:10 +0000 (16:24 +0200)

committer Mike Yuan <me@yhndnzj.com>

Wed, 4 Sep 2024 16:50:55 +0000 (18:50 +0200)
author Mike Yuan <me@yhndnzj.com>
Mon, 2 Sep 2024 14:24:10 +0000 (16:24 +0200)
committer Mike Yuan <me@yhndnzj.com>
Wed, 4 Sep 2024 16:50:55 +0000 (18:50 +0200)
diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c

index 28716347e7724c86228e26286c2c1b29952c0b7a..5ce77af89a766c86bf84be6de64cc8dd9722caf5 100644 (file)
--- a/src/udev/udev-ctrl.c
+++ b/src/udev/udev-ctrl.c
@@ -183,19 +183,24 @@ static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32
  
          cmsg_close_all(&smsg);
  
+        if (size != sizeof(msg_wire) || FLAGS_SET(smsg->flags, MSG_TRUNC)) {
+                log_warning("Received message with invalid length, ignoring");
+                return 0;
+        }
+
          cred = CMSG_FIND_DATA(&smsg, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
          if (!cred) {
-                log_error("No sender credentials received, ignoring message");
+                log_warning("No sender credentials received, ignoring message");
                  return 0;
          }
  
          if (cred->uid != 0) {
-                log_error("Invalid sender uid "UID_FMT", ignoring message", cred->uid);
+                log_warning("Invalid sender uid "UID_FMT", ignoring message", cred->uid);
                  return 0;
          }
  
          if (msg_wire.magic != UDEV_CTRL_MAGIC) {
-                log_error("Message magic 0x%08x doesn't match, ignoring message", msg_wire.magic);
+                log_warning("Message magic 0x%08x doesn't match, ignoring message", msg_wire.magic);
                  return 0;
          }
author	Mike Yuan <me@yhndnzj.com>
	Mon, 2 Sep 2024 14:24:10 +0000 (16:24 +0200)
committer	Mike Yuan <me@yhndnzj.com>
	Wed, 4 Sep 2024 16:50:55 +0000 (18:50 +0200)