From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 5 Jul 2019 10:55:48 +0000 (+0200)
Subject: seccomp: assert that __reserved is 0 in notify responses
X-Git-Tag: lxc-4.0.0~149^2~11
X-Git-Url: https://git.proxmox.com/?p=mirror_lxc.git;a=commitdiff_plain;h=f910c9e526eb8fbc80d61d56786b80f1b0a0587a

seccomp: assert that __reserved is 0 in notify responses

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 48c4e26f0..af87ab922 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1438,6 +1438,12 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 
 	close_prot_errno_disarm(fd_mem);
 
+	if (msg.__reserved != 0) {
+		ERROR("Proxy filled reserved data in response");
+		seccomp_notify_default_answer(fd, req, resp, hdlr);
+		goto out;
+	}
+
 	if (resp->id != req_id) {
 		resp->id = req_id;
 		ERROR("Proxy returned response with illegal id");