ipc/util: Don't follow null pointers and add alignment paranoia

Jakob Bornecrantz 2020-05-30 19:30:30 +01:00
parent 05827abd8e
commit 9ec0b559d4
3 changed files with 27 additions and 10 deletions


@ -0,0 +1,3 @@
util: Make sure to not access NULL control messages, say in the case of the
server failing to create a swapchain. Also add a whole bunch of paranoia when
it comes to the alignment of the control message buffers.


@ -91,9 +91,13 @@ ipc_client_send_and_get_reply_fds(ipc_connection_t *ipc_c,
return IPC_FAILURE;
}
union {
uint8_t buf[512];
struct cmsghdr align;
} u;
const size_t fds_size = sizeof(int) * num_fds;
char buf[CMSG_SPACE(fds_size)];
memset(buf, 0, sizeof(buf));
const size_t cmsg_size = CMSG_SPACE(fds_size);
memset(u.buf, 0, cmsg_size);
struct iovec iov = {0};
iov.iov_base = reply_ptr;
@ -102,8 +106,8 @@ ipc_client_send_and_get_reply_fds(ipc_connection_t *ipc_c,
struct msghdr msg = {0};
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_control = buf;
msg.msg_controllen = sizeof(buf);
msg.msg_control = u.buf;
msg.msg_controllen = cmsg_size;
ssize_t len = recvmsg(ipc_c->socket_fd, &msg, 0);
@ -120,9 +124,14 @@ ipc_client_send_and_get_reply_fds(ipc_connection_t *ipc_c,
return -1;
}
// Did the server actually return file descriptors.
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
memcpy(fds, (int *)CMSG_DATA(cmsg), fds_size);
if (cmsg == NULL) {
os_mutex_unlock(&ipc_c->mutex);
return IPC_SUCCESS;
}
memcpy(fds, (int *)CMSG_DATA(cmsg), fds_size);
os_mutex_unlock(&ipc_c->mutex);
return IPC_SUCCESS;
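Review bot: The fixed 512-byte union replaces the old VLA without checking that `cmsg_size` fits in it, so for a large `num_fds` the `memset(u.buf, 0, cmsg_size)` and the `msg_controllen` handed to recvmsg() run past the buffer on the stack; add `if (cmsg_size > sizeof(u.buf)) { return IPC_FAILURE; }` before the memset (releasing the mutex first if it is already held at that point, which the hunk does not show). The NULL check on `cmsg` also stops short of validating what was received: nothing confirms `cmsg->cmsg_level == SOL_SOCKET`, `cmsg->cmsg_type == SCM_RIGHTS` and `cmsg->cmsg_len >= CMSG_LEN(fds_size)`, or that `MSG_CTRUNC` is clear in `msg.msg_flags`, so a short control message makes the memcpy fill the tail of `fds` from the zeroed buffer, i.e. with fd 0. Returning IPC_SUCCESS when no descriptors arrive leaves `fds` untouched, which presumably relies on the reply payload carrying the failure; a comment at that return saying the caller must inspect the reply before using `fds` would make that contract explicit. ipc_client_send_and_get_reply_fds starts before the first hunk and its body is split across three hunks.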


@ -53,7 +53,11 @@ ipc_reply(int socket, void *data, size_t len)
int
ipc_reply_fds(int socket, void *data, size_t size, int *fds, uint32_t num_fds)
{
uint8_t cmsgbuf[CMSG_SPACE(sizeof(int) * num_fds)];
union {
uint8_t buf[512];
struct cmsghdr align;
} u;
size_t cmsg_size = CMSG_SPACE(sizeof(int) * num_fds);
struct iovec iov = {0};
iov.iov_base = data;
@ -65,15 +69,16 @@ ipc_reply_fds(int socket, void *data, size_t size, int *fds, uint32_t num_fds)
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_flags = 0;
msg.msg_control = cmsgbuf;
msg.msg_controllen = CMSG_LEN(sizeof(int) * num_fds);
msg.msg_control = u.buf;
msg.msg_controllen = cmsg_size;
const size_t fds_size = sizeof(int) * num_fds;
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(int) * num_fds);
cmsg->cmsg_len = CMSG_LEN(fds_size);
memcpy(CMSG_DATA(cmsg), fds, num_fds * sizeof(int));
memcpy(CMSG_DATA(cmsg), fds, fds_size);
ssize_t ret = sendmsg(socket, &msg, MSG_NOSIGNAL);
if (ret < 0) {
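Review bot: ipc_reply_fds now builds the control message in a fixed 512-byte union but never checks that `cmsg_size` fits in it, so `CMSG_FIRSTHDR`, the header stores and `memcpy(CMSG_DATA(cmsg), fds, fds_size)` overflow the stack once `num_fds` exceeds what 512 bytes can hold (about 124 descriptors on a typical 64-bit Linux layout); add `if (cmsg_size > sizeof(u.buf)) { return -1; }` right after the `cmsg_size` line, using whatever error value the function's later failure paths return, which the hunk does not show. Unlike the client side, this buffer is not zeroed, so the padding between `CMSG_LEN(fds_size)` and `cmsg_size` is passed to sendmsg() uninitialized; a `memset(u.buf, 0, cmsg_size)` after the union keeps both sides consistent and keeps memory checkers quiet. The function's body continues past the end of the hunk.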