diff options
| author | Liu Jiang <gerry@linux.alibaba.com> | 2021-02-21 23:10:50 +0800 |
|---|---|---|
| committer | Sergio Lopez <slp@sinrega.org> | 2021-03-01 12:50:56 +0100 |
| commit | 21b89b2ff5c418144760d08c2000776d0f0792f0 (patch) | |
| tree | 8173fd842731d547eaa99f1c98733126e696d99a /src/vhost_user | |
| parent | 9e22e2fe2f0f22161eb292a538e5b712d1f7d9be (diff) | |
| download | vmm_vhost-21b89b2ff5c418144760d08c2000776d0f0792f0.tar.gz | |
vhost_user: fix a bug in SlaveReqHandler
An acknowlege reply message should be sent iif:
1) the VHOST_USER_PROTOCOL_F_REPLY_ACK feature is nogotiated,
2) the NEED_REPLY in header.flags is set.
Also enforce stricter validation for message size.
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Diffstat (limited to 'src/vhost_user')
| -rw-r--r-- | src/vhost_user/master.rs | 5 | ||||
| -rw-r--r-- | src/vhost_user/slave_req_handler.rs | 7 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/vhost_user/master.rs b/src/vhost_user/master.rs index 906932c..65c7960 100644 --- a/src/vhost_user/master.rs +++ b/src/vhost_user/master.rs @@ -569,7 +569,10 @@ impl MasterInternal { &mut self, hdr: &VhostUserMsgHeader<MasterReq>, ) -> VhostUserResult<(T, Vec<u8>, Option<Vec<RawFd>>)> { - if mem::size_of::<T>() > MAX_MSG_SIZE || hdr.is_reply() { + if mem::size_of::<T>() > MAX_MSG_SIZE + || hdr.get_size() as usize <= mem::size_of::<T>() + || hdr.is_reply() + { return Err(VhostUserError::InvalidParam); } self.check_state()?; diff --git a/src/vhost_user/slave_req_handler.rs b/src/vhost_user/slave_req_handler.rs index 95e23d1..985693f 100644 --- a/src/vhost_user/slave_req_handler.rs +++ b/src/vhost_user/slave_req_handler.rs @@ -552,7 +552,10 @@ impl<S: VhostUserSlaveReqHandler> SlaveReqHandler<S> { req: &VhostUserMsgHeader<MasterReq>, payload_size: usize, ) -> Result<VhostUserMsgHeader<MasterReq>> { - if mem::size_of::<T>() > MAX_MSG_SIZE { + if mem::size_of::<T>() > MAX_MSG_SIZE + || payload_size > MAX_MSG_SIZE + || mem::size_of::<T>() + payload_size > MAX_MSG_SIZE + { return Err(Error::InvalidParam); } self.check_state()?; @@ -568,7 +571,7 @@ impl<S: VhostUserSlaveReqHandler> SlaveReqHandler<S> { req: &VhostUserMsgHeader<MasterReq>, res: Result<()>, ) -> Result<()> { - if self.reply_ack_enabled { + if self.reply_ack_enabled && req.is_need_reply() { let hdr = self.new_reply_header::<VhostUserU64>(req, 0)?; let val = match res { Ok(_) => 0, |