From: Wolfgang Bumiller Date: Mon, 8 Jul 2019 16:00:20 +0000 (+0200) Subject: seccomp: recvmsg with MSG_TRUNC X-Git-Tag: lxc-3.2.0~9^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87e547d9c790ccb5c6d8d59da96c9f3082c0e867;p=thirdparty%2Flxc.git seccomp: recvmsg with MSG_TRUNC We only read the message without the cookie. For now assert that the sender also didn't try to send more by letting `recvmsg()` return the original size of the packet if it was longer. Signed-off-by: Wolfgang Bumiller --- diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c index 5b3341393..978b1a2ca 100644 --- a/src/lxc/seccomp.c +++ b/src/lxc/seccomp.c @@ -1466,7 +1466,8 @@ retry: goto out; } - bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len, 0); + bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len, + MSG_TRUNC); if (bytes != (ssize_t)msg_base_size) { SYSERROR("Failed to receive message from seccomp proxy"); seccomp_notify_default_answer(fd, req, resp, hdlr);
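Review bot: The `bytes != (ssize_t)msg_base_size` check right after the changed `lxc_recvmsg_nointr_iov()` call now covers two different failures with one `SYSERROR("Failed to receive message from seccomp proxy")`. With `MSG_TRUNC` the call can succeed and return a length larger than `msg_base_size`, and in that case errno does not describe the problem, so the errno text that `SYSERROR` appends will be stale or misleading. Consider handling `bytes < 0` separately from the size mismatch and logging the received and expected sizes in the mismatch case, so an oversized message from the proxy can be told apart from a failed receive. A short comment at the call would also help, saying that `MSG_TRUNC` is passed so that a message longer than the iov is rejected by the size check rather than silently cut down to `msg_base_size`. That reasoning currently lives only in the commit message.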