truss: Make control message header parsing more robust
ClosedPublic
Actions

Authored by markj on Jun 13 2022, 9:07 PM.

Details

Reviewers

tuexen
jhb

Commits

rG4b0c6fa0dcea: truss: Make control message header parsing more robust

Summary

print_cmsg() was assuming that the control message chain is well-formed,
but that isn't necessarily the case for sendmsg(2). In particular, if
cmsg_len is zero, print_cmsg() will loop forever. Check for truncated
headers and try to recover if possible.

Test Plan

This was found by running a syzkaller reproducer under truss. Now it prints:

94908: sendmsg(3,{NULL,0,0x0,0,{{level=SOL_SOCKET,type=SCM_RIGHTS,data={}}{<invalid cmsg len=0>}},108,0},0) ERR#22 'Invalid argument'

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Jun 13 2022, 9:07 PM

Herald added a subscriber: imp. · View Herald TranscriptJun 13 2022, 9:07 PM

markj requested review of this revision.Jun 13 2022, 9:07 PM

Harbormaster completed remote builds in B45963: Diff 106890.Jun 13 2022, 9:07 PM

markj edited the test plan for this revision. (Show Details)Jun 13 2022, 9:07 PM

tuexen accepted this revision.Jun 13 2022, 9:59 PM

This revision is now accepted and ready to land.Jun 13 2022, 9:59 PM

Closed by commit rG4b0c6fa0dcea: truss: Make control message header parsing more robust (authored by markj). · Explain WhyJun 14 2022, 4:02 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG4b0c6fa0dcea: truss: Make control message header parsing more robust.

Revision Contents
Changeset List

Path

Size

usr.bin/

truss/

syscalls.c

10 lines

Diff 106907

View Options

truss: Make control message header parsing more robustClosedPublicActions