From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 29117 invoked from network); 12 Jan 2021 07:58:42 -0000
Received: from mother.openwall.net (195.42.179.200)
  by inbox.vuxu.org with ESMTPUTF8; 12 Jan 2021 07:58:42 -0000
Received: (qmail 20447 invoked by uid 550); 12 Jan 2021 07:58:40 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 20414 invoked from network); 12 Jan 2021 07:58:40 -0000
From: "zhuyan (M)" <zhuyan34@huawei.com>
To: "musl@lists.openwall.com" <musl@lists.openwall.com>
CC: Zengweilin <zengweilin@huawei.com>, "liucheng (G)"
	<liucheng32@huawei.com>, "chenzefeng (A)" <chenzefeng2@huawei.com>
Thread-Topic: [PATCH] fix segfault in recvmsg when msg argument is NULL
Thread-Index: AQHW6LiWjHkyc42Eek6mkeEVz2afgaojn8ig
Date: Tue, 12 Jan 2021 07:58:26 +0000
Message-ID: <05a7bdabe45f473c8d1a25d2cd20c1f5@huawei.com>
References: <20210112075724.58561-1-zhuyan34@huawei.com>
In-Reply-To: <20210112075724.58561-1-zhuyan34@huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.67.102.217]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: [musl] [PATCH] fix segfault in recvmsg when msg argument is NULL


When msg is NULL, msg->msg_controllen exists to dereference a null pointer =
in recvmsg.

The commit ae388becb529428ac926da102f1d025b3c3968da introduces this problem

Signed-off-by: Qing Wu <wuqing30@huawei.com>
Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
---
 src/network/recvmsg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/network/recvmsg.c b/src/network/recvmsg.c index 03641625..=
c36ffb8d 100644
--- a/src/network/recvmsg.c
+++ b/src/network/recvmsg.c
@@ -4,6 +4,7 @@
 #include <sys/time.h>
 #include <string.h>
 #include "syscall.h"
+#include <errno.h>
=20
 hidden void __convert_scm_timestamps(struct msghdr *, socklen_t);
=20
@@ -49,6 +50,8 @@ void __convert_scm_timestamps(struct msghdr *msg, socklen=
_t csize)
=20
 ssize_t recvmsg(int fd, struct msghdr *msg, int flags)  {
+	if (!msg) return -EINVAL;
+
 	ssize_t r;
 	socklen_t orig_controllen =3D msg->msg_controllen;  #if LONG_MAX > INT_MA=
X
--
2.12.3