From d961ebd945eb3c1def0f645993739dabc80aacce Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 26 Feb 2021 22:37:30 +0100
Subject: [PATCH] af_unix: vet all parameters

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/af_unix.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 6a016b0fa..b491b9507 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -182,6 +182,12 @@ static ssize_t lxc_abstract_unix_recv_fds_iov(int fd,
 	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_NONE)) > 1)
 		return ret_errno(EINVAL);
 
+	if (ret_fds->fd_count_max >= KERNEL_SCM_MAX_FD)
+		return ret_errno(EINVAL);
+
+	if (ret_fds->fd_count_ret != 0)
+		return ret_errno(EINVAL);
+
 	cmsgbuf = zalloc(cmsgbufsize);
 	if (!cmsgbuf)
 		return ret_errno(ENOMEM);
-- 
2.47.2