1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00

Merge pull request #34212 from YHNdnzj/recvmsg-safe-trunc

tree-wide: handle MSG_TRUNC with recvmsg_safe()
This commit is contained in:
Yu Watanabe 2024-09-05 07:22:28 +09:00 committed by GitHub
commit 1306567a40
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 172 additions and 148 deletions

View File

@ -99,7 +99,7 @@ static int try_audit_request(int fd) {
n = recvmsg_safe(fd, &mh, 0); n = recvmsg_safe(fd, &mh, 0);
if (n < 0) if (n < 0)
return -errno; return n;
if (n != NLMSG_LENGTH(sizeof(struct nlmsgerr))) if (n != NLMSG_LENGTH(sizeof(struct nlmsgerr)))
return -EIO; return -EIO;

View File

@ -568,14 +568,21 @@ int same_fd(int a, int b) {
} }
void cmsg_close_all(struct msghdr *mh) { void cmsg_close_all(struct msghdr *mh) {
struct cmsghdr *cmsg;
assert(mh); assert(mh);
CMSG_FOREACH(cmsg, mh) struct cmsghdr *cmsg;
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) CMSG_FOREACH(cmsg, mh) {
if (cmsg->cmsg_level != SOL_SOCKET)
continue;
if (cmsg->cmsg_type == SCM_RIGHTS)
close_many(CMSG_TYPED_DATA(cmsg, int), close_many(CMSG_TYPED_DATA(cmsg, int),
(cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int)); (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int));
else if (cmsg->cmsg_type == SCM_PIDFD) {
assert(cmsg->cmsg_len == CMSG_LEN(sizeof(int)));
safe_close(*CMSG_TYPED_DATA(cmsg, int));
}
}
} }
bool fdname_is_valid(const char *s) { bool fdname_is_valid(const char *s) {

View File

@ -1447,18 +1447,22 @@ int socket_bind_to_ifindex(int fd, int ifindex) {
ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags) { ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags) {
ssize_t n; ssize_t n;
/* A wrapper around recvmsg() that checks for MSG_CTRUNC, and turns it into an error, in a reasonably /* A wrapper around recvmsg() that checks for MSG_CTRUNC and MSG_TRUNC, and turns them into an error,
* safe way, closing any SCM_RIGHTS fds in the error path. * in a reasonably safe way, closing any received fds in the error path.
* *
* Note that unlike our usual coding style this might modify *msg on failure. */ * Note that unlike our usual coding style this might modify *msg on failure. */
assert(sockfd >= 0);
assert(msg);
n = recvmsg(sockfd, msg, flags); n = recvmsg(sockfd, msg, flags);
if (n < 0) if (n < 0)
return -errno; return -errno;
if (FLAGS_SET(msg->msg_flags, MSG_CTRUNC)) { if (FLAGS_SET(msg->msg_flags, MSG_CTRUNC) ||
(!FLAGS_SET(flags, MSG_PEEK) && FLAGS_SET(msg->msg_flags, MSG_TRUNC))) {
cmsg_close_all(msg); cmsg_close_all(msg);
return -EXFULL; /* a recognizable error code */ return FLAGS_SET(msg->msg_flags, MSG_CTRUNC) ? -ECHRNG : -EXFULL;
} }
return n; return n;

View File

@ -329,7 +329,7 @@ struct timespec_large {
/* glibc duplicates timespec/timeval on certain 32-bit arches, once in 32-bit and once in 64-bit. /* glibc duplicates timespec/timeval on certain 32-bit arches, once in 32-bit and once in 64-bit.
* See __convert_scm_timestamps() in glibc source code. Hence, we need additional buffer space for them * See __convert_scm_timestamps() in glibc source code. Hence, we need additional buffer space for them
* to prevent from recvmsg_safe() returning -EXFULL. */ * to prevent truncating control msg (recvmsg() MSG_CTRUNC). */
#define CMSG_SPACE_TIMEVAL \ #define CMSG_SPACE_TIMEVAL \
((sizeof(struct timeval) == sizeof(struct timeval_large)) ? \ ((sizeof(struct timeval) == sizeof(struct timeval_large)) ? \
CMSG_SPACE(sizeof(struct timeval)) : \ CMSG_SPACE(sizeof(struct timeval)) : \

View File

@ -2750,13 +2750,17 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
return 0; return 0;
} }
n = recvmsg_safe(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC); n = recvmsg_safe(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (ERRNO_IS_NEG_TRANSIENT(n)) if (ERRNO_IS_NEG_TRANSIENT(n))
return 0; /* Spurious wakeup, try again */ return 0; /* Spurious wakeup, try again */
if (n == -EXFULL) { if (n == -ECHRNG) {
log_warning_errno(n, "Got message with truncated control data (too many fds sent?), ignoring."); log_warning_errno(n, "Got message with truncated control data (too many fds sent?), ignoring.");
return 0; return 0;
} }
if (n == -EXFULL) {
log_warning_errno(n, "Got message with truncated payload data, ignoring.");
return 0;
}
if (n < 0) if (n < 0)
/* If this is any other, real error, then stop processing this socket. This of course means /* If this is any other, real error, then stop processing this socket. This of course means
* we won't take notification messages anymore, but that's still better than busy looping: * we won't take notification messages anymore, but that's still better than busy looping:
@ -2829,11 +2833,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
return 0; return 0;
} }
if ((size_t) n >= sizeof(buf) || (msghdr.msg_flags & MSG_TRUNC)) {
log_warning("Received notify message exceeded maximum size. Ignoring.");
return 0;
}
/* As extra safety check, let's make sure the string we get doesn't contain embedded NUL bytes. /* As extra safety check, let's make sure the string we get doesn't contain embedded NUL bytes.
* We permit one trailing NUL byte in the message, but don't expect it. */ * We permit one trailing NUL byte in the message, but don't expect it. */
if (n > 1 && memchr(buf, 0, n-1)) { if (n > 1 && memchr(buf, 0, n-1)) {
@ -4932,20 +4931,22 @@ static int manager_dispatch_handoff_timestamp_fd(sd_event_source *source, int fd
assert(source); assert(source);
n = recvmsg_safe(m->handoff_timestamp_fds[0], &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC|MSG_TRUNC); n = recvmsg_safe(m->handoff_timestamp_fds[0], &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (ERRNO_IS_NEG_TRANSIENT(n)) if (ERRNO_IS_NEG_TRANSIENT(n))
return 0; /* Spurious wakeup, try again */ return 0; /* Spurious wakeup, try again */
if (n == -ECHRNG) {
log_warning_errno(n, "Got message with truncated control data (unexpected fds sent?), ignoring.");
return 0;
}
if (n == -EXFULL) { if (n == -EXFULL) {
log_warning("Got message with truncated control, ignoring."); log_warning_errno(n, "Got message with truncated payload data, ignoring.");
return 0; return 0;
} }
if (n < 0) if (n < 0)
return log_error_errno(n, "Failed to receive handoff timestamp message: %m"); return log_error_errno(n, "Failed to receive handoff timestamp message: %m");
if (msghdr.msg_flags & MSG_TRUNC) { cmsg_close_all(&msghdr);
log_warning("Got truncated handoff timestamp message, ignoring.");
return 0;
}
if (n != sizeof(ts)) { if (n != sizeof(ts)) {
log_warning("Got handoff timestamp message of unexpected size %zi (expected %zu), ignoring.", n, sizeof(ts)); log_warning("Got handoff timestamp message of unexpected size %zi (expected %zu), ignoring.", n, sizeof(ts));
return 0; return 0;

View File

@ -633,7 +633,7 @@ static Manager *manager_unref(Manager *m) {
DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_unref); DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_unref);
static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void *userdata) { static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
Manager *m = ASSERT_PTR(userdata);
char buf[NOTIFY_BUFFER_MAX+1]; char buf[NOTIFY_BUFFER_MAX+1];
struct iovec iovec = { struct iovec iovec = {
.iov_base = buf, .iov_base = buf,
@ -647,33 +647,32 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void
.msg_control = &control, .msg_control = &control,
.msg_controllen = sizeof(control), .msg_controllen = sizeof(control),
}; };
struct ucred *ucred;
Manager *m = userdata;
Transfer *t;
ssize_t n; ssize_t n;
char *p;
int r; int r;
n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (n < 0) { if (ERRNO_IS_NEG_TRANSIENT(n))
if (ERRNO_IS_TRANSIENT(n)) return 0;
return 0; if (n == -ECHRNG) {
return (int) n; log_warning_errno(n, "Got message with truncated control data (unexpected fds sent?), ignoring.");
return 0;
} }
if (n == -EXFULL) {
log_warning_errno(n, "Got message with truncated payload data, ignoring.");
return 0;
}
if (n < 0)
return (int) n;
cmsg_close_all(&msghdr); cmsg_close_all(&msghdr);
if (msghdr.msg_flags & MSG_TRUNC) { struct ucred *ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
log_warning("Got overly long notification datagram, ignoring.");
return 0;
}
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
if (!ucred || ucred->pid <= 0) { if (!ucred || ucred->pid <= 0) {
log_warning("Got notification datagram lacking credential information, ignoring."); log_warning("Got notification datagram lacking credential information, ignoring.");
return 0; return 0;
} }
Transfer *t;
HASHMAP_FOREACH(t, m->transfers) HASHMAP_FOREACH(t, m->transfers)
if (ucred->pid == t->pidref.pid) if (ucred->pid == t->pidref.pid)
break; break;
@ -685,7 +684,7 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void
buf[n] = 0; buf[n] = 0;
p = find_line_startswith(buf, "X_IMPORT_PROGRESS="); char *p = find_line_startswith(buf, "X_IMPORT_PROGRESS=");
if (!p) if (!p)
return 0; return 0;

View File

@ -1549,39 +1549,42 @@ int server_process_datagram(
iovec = IOVEC_MAKE(s->buffer, MALLOC_ELEMENTSOF(s->buffer) - 1); /* Leave room for trailing NUL we add later */ iovec = IOVEC_MAKE(s->buffer, MALLOC_ELEMENTSOF(s->buffer) - 1); /* Leave room for trailing NUL we add later */
n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (n < 0) { if (ERRNO_IS_NEG_TRANSIENT(n))
if (ERRNO_IS_TRANSIENT(n)) return 0;
return 0; if (n == -ECHRNG) {
if (n == -EXFULL) { log_ratelimit_warning_errno(n, JOURNAL_LOG_RATELIMIT,
log_ratelimit_warning(JOURNAL_LOG_RATELIMIT, "Got message with truncated control data (too many fds sent?), ignoring.");
"Got message with truncated control data (too many fds sent?), ignoring."); return 0;
return 0;
}
return log_ratelimit_error_errno(n, JOURNAL_LOG_RATELIMIT, "recvmsg() failed: %m");
} }
if (n == -EXFULL) {
log_ratelimit_warning_errno(n, JOURNAL_LOG_RATELIMIT, "Got message with truncated payload data, ignoring.");
return 0;
}
if (n < 0)
return log_ratelimit_error_errno(n, JOURNAL_LOG_RATELIMIT, "Failed to receive message: %m");
CMSG_FOREACH(cmsg, &msghdr) CMSG_FOREACH(cmsg, &msghdr) {
if (cmsg->cmsg_level == SOL_SOCKET && if (cmsg->cmsg_level != SOL_SOCKET)
cmsg->cmsg_type == SCM_CREDENTIALS && continue;
if (cmsg->cmsg_type == SCM_CREDENTIALS &&
cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
assert(!ucred); assert(!ucred);
ucred = CMSG_TYPED_DATA(cmsg, struct ucred); ucred = CMSG_TYPED_DATA(cmsg, struct ucred);
} else if (cmsg->cmsg_level == SOL_SOCKET && } else if (cmsg->cmsg_type == SCM_SECURITY) {
cmsg->cmsg_type == SCM_SECURITY) {
assert(!label); assert(!label);
label = CMSG_TYPED_DATA(cmsg, char); label = CMSG_TYPED_DATA(cmsg, char);
label_len = cmsg->cmsg_len - CMSG_LEN(0); label_len = cmsg->cmsg_len - CMSG_LEN(0);
} else if (cmsg->cmsg_level == SOL_SOCKET && } else if (cmsg->cmsg_type == SCM_TIMESTAMP &&
cmsg->cmsg_type == SCM_TIMESTAMP &&
cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) { cmsg->cmsg_len == CMSG_LEN(sizeof(struct timeval))) {
assert(!tv); assert(!tv);
tv = memcpy(&tv_buf, CMSG_DATA(cmsg), sizeof(struct timeval)); tv = memcpy(&tv_buf, CMSG_DATA(cmsg), sizeof(struct timeval));
} else if (cmsg->cmsg_level == SOL_SOCKET && } else if (cmsg->cmsg_type == SCM_RIGHTS) {
cmsg->cmsg_type == SCM_RIGHTS) {
assert(!fds); assert(!fds);
fds = CMSG_TYPED_DATA(cmsg, int); fds = CMSG_TYPED_DATA(cmsg, int);
n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int); n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
} }
}
/* And a trailing NUL, just in case */ /* And a trailing NUL, just in case */
s->buffer[n] = 0; s->buffer[n] = 0;

View File

@ -600,16 +600,15 @@ _public_ int sd_device_monitor_receive(sd_device_monitor *m, sd_device **ret) {
iov = IOVEC_MAKE(message.buf, n); iov = IOVEC_MAKE(message.buf, n);
n = recvmsg(m->sock, &smsg, 0); n = recvmsg_safe(m->sock, &smsg, 0);
if (n < 0) { if (n < 0) {
if (!ERRNO_IS_TRANSIENT(errno)) if (!ERRNO_IS_NEG_TRANSIENT(n))
log_monitor_errno(m, errno, "Failed to receive message: %m"); log_monitor_errno(m, n, "Failed to receive message: %s",
return -errno; n == -ECHRNG ? "got truncated control data" :
n == -EXFULL ? "got truncated payload data" :
STRERROR((int) n));
return n;
} }
if (smsg.msg_flags & MSG_TRUNC)
return log_monitor_errno(m, SYNTHETIC_ERRNO(EINVAL), "Received truncated message, ignoring message.");
if (n < 32) if (n < 32)
return log_monitor_errno(m, SYNTHETIC_ERRNO(EINVAL), "Invalid message length (%zi), ignoring message.", n); return log_monitor_errno(m, SYNTHETIC_ERRNO(EINVAL), "Invalid message length (%zi), ignoring message.", n);

View File

@ -176,14 +176,19 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
assert(fd >= 0); assert(fd >= 0);
assert(peek || (buf && buf_size > 0)); assert(peek || (buf && buf_size > 0));
n = recvmsg_safe(fd, &msg, MSG_TRUNC | (peek ? MSG_PEEK : 0)); n = recvmsg_safe(fd, &msg, peek ? (MSG_PEEK|MSG_TRUNC) : 0);
if (n == -ENOBUFS) if (ERRNO_IS_NEG_TRANSIENT(n)) {
return log_debug_errno(n, "sd-netlink: kernel receive buffer overrun");
else if (ERRNO_IS_NEG_TRANSIENT(n)) {
if (ret_mcast_group) if (ret_mcast_group)
*ret_mcast_group = 0; *ret_mcast_group = 0;
return 0; return 0;
} else if (n < 0) }
if (n == -ENOBUFS)
return log_debug_errno(n, "sd-netlink: kernel receive buffer overrun");
if (n == -ECHRNG)
return log_debug_errno(n, "sd-netlink: got truncated control message");
if (n == -EXFULL)
return log_debug_errno(n, "sd-netlink: got truncated payload message");
if (n < 0)
return (int) n; return (int) n;
if (sender.nl.nl_pid != 0) { if (sender.nl.nl_pid != 0) {
@ -202,9 +207,6 @@ static int socket_recv_message(int fd, void *buf, size_t buf_size, uint32_t *ret
return 0; return 0;
} }
if (!peek && (size_t) n > buf_size) /* message did not fit in read buffer */
return -EIO;
if (ret_mcast_group) { if (ret_mcast_group) {
struct nl_pktinfo *pi; struct nl_pktinfo *pi;

View File

@ -870,23 +870,25 @@ static int varlink_read(sd_varlink *v) {
bool prefer_read = v->prefer_read; bool prefer_read = v->prefer_read;
if (!prefer_read) { if (!prefer_read) {
n = recv(v->input_fd, p, rs, MSG_DONTWAIT); n = recv(v->input_fd, p, rs, MSG_DONTWAIT);
if (n < 0 && errno == ENOTSOCK) if (n < 0)
n = -errno;
if (n == -ENOTSOCK)
prefer_read = v->prefer_read = true; prefer_read = v->prefer_read = true;
} }
if (prefer_read) if (prefer_read) {
n = read(v->input_fd, p, rs); n = read(v->input_fd, p, rs);
} if (n < 0)
if (n < 0) { n = -errno;
if (errno == EAGAIN)
return 0;
if (ERRNO_IS_DISCONNECT(errno)) {
v->read_disconnected = true;
return 1;
} }
return -errno;
} }
if (ERRNO_IS_NEG_TRANSIENT(n))
return 0;
if (ERRNO_IS_NEG_DISCONNECT(n)) {
v->read_disconnected = true;
return 1;
}
if (n < 0)
return n;
if (n == 0) { /* EOF */ if (n == 0) { /* EOF */
if (v->allow_fd_passing_input) if (v->allow_fd_passing_input)
@ -897,7 +899,7 @@ static int varlink_read(sd_varlink *v) {
} }
if (v->allow_fd_passing_input) { if (v->allow_fd_passing_input) {
struct cmsghdr* cmsg; struct cmsghdr *cmsg;
cmsg = cmsg_find(&mh, SOL_SOCKET, SCM_RIGHTS, (socklen_t) -1); cmsg = cmsg_find(&mh, SOL_SOCKET, SCM_RIGHTS, (socklen_t) -1);
if (cmsg) { if (cmsg) {

View File

@ -215,21 +215,13 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd
case MACHINE_CONTAINER: { case MACHINE_CONTAINER: {
_cleanup_close_pair_ int pair[2] = EBADF_PAIR; _cleanup_close_pair_ int pair[2] = EBADF_PAIR;
_cleanup_free_ char *us = NULL, *them = NULL;
_cleanup_close_ int netns_fd = -EBADF; _cleanup_close_ int netns_fd = -EBADF;
const char *p;
pid_t child; pid_t child;
r = readlink_malloc("/proc/self/ns/net", &us); r = in_same_namespace(0, m->leader.pid, NAMESPACE_NET);
if (r < 0) if (r < 0)
return r; return r;
if (r > 0)
p = procfs_file_alloca(m->leader.pid, "ns/net");
r = readlink_malloc(p, &them);
if (r < 0)
return r;
if (streq(us, them))
return sd_bus_error_setf(error, BUS_ERROR_NO_PRIVATE_NETWORKING, "Machine %s does not use private networking", m->name); return sd_bus_error_setf(error, BUS_ERROR_NO_PRIVATE_NETWORKING, "Machine %s does not use private networking", m->name);
r = pidref_namespace_open(&m->leader, r = pidref_namespace_open(&m->leader,
@ -290,9 +282,9 @@ int bus_machine_method_get_addresses(sd_bus_message *message, void *userdata, sd
iov[0] = IOVEC_MAKE(&family, sizeof(family)); iov[0] = IOVEC_MAKE(&family, sizeof(family));
iov[1] = IOVEC_MAKE(&in_addr, sizeof(in_addr)); iov[1] = IOVEC_MAKE(&in_addr, sizeof(in_addr));
n = recvmsg(pair[0], &mh, 0); n = recvmsg_safe(pair[0], &mh, 0);
if (n < 0) if (n < 0)
return -errno; return n;
if ((size_t) n < sizeof(family)) if ((size_t) n < sizeof(family))
break; break;

View File

@ -4485,10 +4485,15 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (ERRNO_IS_NEG_TRANSIENT(n)) if (ERRNO_IS_NEG_TRANSIENT(n))
return 0; return 0;
else if (n == -EXFULL) { if (n == -ECHRNG) {
log_warning("Got message with truncated control data (too many fds sent?), ignoring."); log_warning_errno(n, "Got message with truncated control data (too many fds sent?), ignoring.");
return 0; return 0;
} else if (n < 0) }
if (n == -EXFULL) {
log_warning_errno(n, "Got message with truncated payload data, ignoring.");
return 0;
}
if (n < 0)
return log_warning_errno(n, "Couldn't read notification socket: %m"); return log_warning_errno(n, "Couldn't read notification socket: %m");
cmsg_close_all(&msghdr); cmsg_close_all(&msghdr);
@ -4499,11 +4504,6 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
return 0; return 0;
} }
if ((size_t) n >= sizeof(buf)) {
log_warning("Received notify message exceeded maximum size. Ignoring.");
return 0;
}
buf[n] = 0; buf[n] = 0;
tags = strv_split(buf, "\n\r"); tags = strv_split(buf, "\n\r");
if (!tags) if (!tags)

View File

@ -867,8 +867,6 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
if (l <= 0) if (l <= 0)
return l; return l;
assert(!(mh.msg_flags & MSG_TRUNC));
p->size = (size_t) l; p->size = (size_t) l;
p->family = sa.sa.sa_family; p->family = sa.sa.sa_family;

View File

@ -53,8 +53,6 @@ static int server_recv(int fd, DnsPacket **ret) {
if (l <= 0) if (l <= 0)
return l; return l;
assert(!(mh.msg_flags & MSG_TRUNC));
p->size = (size_t) l; p->size = (size_t) l;
p->family = sa.sa.sa_family; p->family = sa.sa.sa_family;

View File

@ -873,10 +873,15 @@ int ask_password_agent(
n = recvmsg_safe(socket_fd, &msghdr, 0); n = recvmsg_safe(socket_fd, &msghdr, 0);
if (ERRNO_IS_NEG_TRANSIENT(n)) if (ERRNO_IS_NEG_TRANSIENT(n))
continue; continue;
else if (n == -EXFULL) { if (n == -ECHRNG) {
log_debug("Got message with truncated control data, ignoring."); log_debug_errno(n, "Got message with truncated control data (unexpected fds sent?), ignoring.");
continue; continue;
} else if (n < 0) { }
if (n == -EXFULL) {
log_debug_errno(n, "Got message with truncated payload data, ignoring.");
continue;
}
if (n < 0) {
r = (int) n; r = (int) n;
goto finish; goto finish;
} }

View File

@ -938,18 +938,20 @@ static int helper_on_notify(sd_event_source *s, int fd, uint32_t revents, void *
int r; int r;
n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (n < 0) { if (ERRNO_IS_NEG_TRANSIENT(n))
if (ERRNO_IS_TRANSIENT(n)) return 0;
return 0; if (n == -ECHRNG) {
return (int) n; log_warning_errno(n, "Got message with truncated control data (unexpected fds sent?), ignoring.");
}
cmsg_close_all(&msghdr);
if (msghdr.msg_flags & MSG_TRUNC) {
log_warning("Got overly long notification datagram, ignoring.");
return 0; return 0;
} }
if (n == -EXFULL) {
log_warning_errno(n, "Got message with truncated payload data, ignoring.");
return 0;
}
if (n < 0)
return (int) n;
cmsg_close_all(&msghdr);
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
if (!ucred || ucred->pid <= 0) { if (!ucred || ucred->pid <= 0) {

View File

@ -419,7 +419,7 @@ static int job_start(Job *j) {
if (IN_SET(j->type, JOB_UPDATE, JOB_VACUUM) && j->target->busy) if (IN_SET(j->type, JOB_UPDATE, JOB_VACUUM) && j->target->busy)
return log_notice_errno(SYNTHETIC_ERRNO(EBUSY), "Target %s busy, ignoring job.", j->target->name); return log_notice_errno(SYNTHETIC_ERRNO(EBUSY), "Target %s busy, ignoring job.", j->target->name);
stdout_fd = memfd_new("sysupdate-stdout"); stdout_fd = memfd_new("sysupdate-stdout");
if (stdout_fd < 0) if (stdout_fd < 0)
return log_error_errno(stdout_fd, "Failed to create memfd: %m"); return log_error_errno(stdout_fd, "Failed to create memfd: %m");
@ -1460,18 +1460,20 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void
char *version, *progress, *errno_str, *ready; char *version, *progress, *errno_str, *ready;
n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); n = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (n < 0) { if (ERRNO_IS_NEG_TRANSIENT(n))
if (ERRNO_IS_TRANSIENT(n)) return 0;
return 0; if (n == -ECHRNG) {
return (int) n; log_warning_errno(n, "Got message with truncated control data (unexpected fds sent?), ignoring.");
}
cmsg_close_all(&msghdr);
if (msghdr.msg_flags & MSG_TRUNC) {
log_warning("Got overly long notification datagram, ignoring.");
return 0; return 0;
} }
if (n == -EXFULL) {
log_warning_errno(n, "Got message with truncated payload data, ignoring.");
return 0;
}
if (n < 0)
return (int) n;
cmsg_close_all(&msghdr);
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
if (!ucred || ucred->pid <= 0) { if (!ucred || ucred->pid <= 0) {

View File

@ -423,15 +423,18 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re
} }
len = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT); len = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT);
if (len == -EAGAIN) if (ERRNO_IS_NEG_TRANSIENT(len))
return 0; return 0;
if (len < 0) { if (len < 0) {
log_warning_errno(len, "Error receiving message, disconnecting: %m"); log_warning_errno(len, "Error receiving message, disconnecting: %s",
len == -ECHRNG ? "got truncated control data" :
len == -EXFULL ? "got truncated payload data" :
STRERROR((int) len));
return manager_connect(m); return manager_connect(m);
} }
/* Too short or too long packet? */ /* Too short packet? */
if (iov.iov_len < sizeof(struct ntp_msg) || (msghdr.msg_flags & MSG_TRUNC)) { if (iov.iov_len < sizeof(struct ntp_msg)) {
log_warning("Invalid response from server. Disconnecting."); log_warning("Invalid response from server. Disconnecting.");
return manager_connect(m); return manager_connect(m);
} }

View File

@ -169,33 +169,40 @@ static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32
* To avoid the object freed, let's increment the refcount. */ * To avoid the object freed, let's increment the refcount. */
uctrl = udev_ctrl_ref(userdata); uctrl = udev_ctrl_ref(userdata);
size = next_datagram_size_fd(fd);
if (size < 0)
return log_error_errno(size, "Failed to get size of message: %m");
if (size == 0)
return 0; /* Client disconnects? */
size = recvmsg_safe(fd, &smsg, 0); size = recvmsg_safe(fd, &smsg, 0);
if (size == -EINTR) if (ERRNO_IS_NEG_TRANSIENT(size))
return 0; return 0;
if (size == -ECHRNG) {
log_warning_errno(size, "Got message with truncated control data (unexpected fds sent?), ignoring.");
return 0;
}
if (size == -EXFULL) {
log_warning_errno(size, "Got message with truncated payload data, ignoring.");
return 0;
}
if (size < 0) if (size < 0)
return log_error_errno(size, "Failed to receive ctrl message: %m"); return log_error_errno(size, "Failed to receive ctrl message: %m");
cmsg_close_all(&smsg); cmsg_close_all(&smsg);
if (size != sizeof(msg_wire)) {
log_warning("Received message with invalid length, ignoring");
return 0;
}
cred = CMSG_FIND_DATA(&smsg, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); cred = CMSG_FIND_DATA(&smsg, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
if (!cred) { if (!cred) {
log_error("No sender credentials received, ignoring message"); log_warning("No sender credentials received, ignoring message");
return 0; return 0;
} }
if (cred->uid != 0) { if (cred->uid != 0) {
log_error("Invalid sender uid "UID_FMT", ignoring message", cred->uid); log_warning("Invalid sender uid "UID_FMT", ignoring message", cred->uid);
return 0; return 0;
} }
if (msg_wire.magic != UDEV_CTRL_MAGIC) { if (msg_wire.magic != UDEV_CTRL_MAGIC) {
log_error("Message magic 0x%08x doesn't match, ignoring message", msg_wire.magic); log_warning("Message magic 0x%08x doesn't match, ignoring message", msg_wire.magic);
return 0; return 0;
} }