seccomp: assert that __reserved is 0 in notify responses
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Fri, 5 Jul 2019 10:55:48 +0000 (12:55 +0200)
committerWolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 9 Jul 2019 10:25:10 +0000 (12:25 +0200)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
src/lxc/seccomp.c

index 48c4e26f0d7977a00f474d0a09cd0e488ad145bd..af87ab922165e7cda842359992ce7de0b7ac41da 100644 (file)
@@ -1438,6 +1438,12 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 
        close_prot_errno_disarm(fd_mem);
 
+       if (msg.__reserved != 0) {
+               ERROR("Proxy filled reserved data in response");
+               seccomp_notify_default_answer(fd, req, resp, hdlr);
+               goto out;
+       }
+
        if (resp->id != req_id) {
                resp->id = req_id;
                ERROR("Proxy returned response with illegal id");
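Review bot: The new `msg.__reserved != 0` branch logs a fixed string, so the log cannot show whether the proxy sent a newer protocol revision or a corrupted or untrusted reply. Including the observed reserved value and the request id in the `ERROR()` text would make the rejection triageable. A short comment above the check would record the intent, for example `/* reserved must stay 0 until the protocol assigns it a meaning; reject anything else from the proxy */`. It is also worth confirming that `seccomp_notify_default_answer()` resets every field of `resp` that the proxy could have filled before this point, since `resp` appears to be reused for the fallback answer. That helper's body and the rest of `seccomp_notify_handler` are outside this hunk.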