From: Mike Yuan <me@yhndnzj.com>
Date: Mon, 2 Sep 2024 14:24:10 +0000 (+0200)
Subject: udev-ctrl: add missing size check of received message
X-Git-Tag: v257-rc1~558^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ad7f7902354e8e05ea315fb51688b8fcf00305d;p=thirdparty%2Fsystemd.git

udev-ctrl: add missing size check of received message

While at it, downgrade log level of ignored errors to LOG_WARNING.
---

diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c
index 28716347e77..5ce77af89a7 100644
--- a/src/udev/udev-ctrl.c
+++ b/src/udev/udev-ctrl.c
@@ -183,19 +183,24 @@ static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32
 
         cmsg_close_all(&smsg);
 
+        if (size != sizeof(msg_wire) || FLAGS_SET(smsg->flags, MSG_TRUNC)) {
+                log_warning("Received message with invalid length, ignoring");
+                return 0;
+        }
+
         cred = CMSG_FIND_DATA(&smsg, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
         if (!cred) {
-                log_error("No sender credentials received, ignoring message");
+                log_warning("No sender credentials received, ignoring message");
                 return 0;
         }
 
         if (cred->uid != 0) {
-                log_error("Invalid sender uid "UID_FMT", ignoring message", cred->uid);
+                log_warning("Invalid sender uid "UID_FMT", ignoring message", cred->uid);
                 return 0;
         }
 
         if (msg_wire.magic != UDEV_CTRL_MAGIC) {
-                log_error("Message magic 0x%08x doesn't match, ignoring message", msg_wire.magic);
+                log_warning("Message magic 0x%08x doesn't match, ignoring message", msg_wire.magic);
                 return 0;
         }