From f910c9e526eb8fbc80d61d56786b80f1b0a0587a Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Fri, 5 Jul 2019 12:55:48 +0200
Subject: [PATCH] seccomp: assert that __reserved is 0 in notify responses

Signed-off-by: Wolfgang Bumiller
---
 src/lxc/seccomp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 48c4e26f0..af87ab922 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1438,6 +1438,12 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
 close_prot_errno_disarm(fd_mem);
+ if (msg.__reserved != 0) {
+ ERROR("Proxy filled reserved data in response");
+ seccomp_notify_default_answer(fd, req, resp, hdlr);
+ goto out;
+ }
+
 if (resp->id != req_id) {
 resp->id = req_id;
 ERROR("Proxy returned response with illegal id");
-- 
2.39.2
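Review bot: The new `msg.__reserved != 0` branch rejects the proxy's response without logging the value it saw or saying why zero is required, so a log reader cannot tell a proxy built against a different message layout from one sending an uninitialised struct. I would add a comment above the check, e.g. `/* __reserved must be 0 so the field can be given a meaning later; any other value is a protocol violation by the proxy */` (presumably the intent; confirm against the protocol definition). The `ERROR` line should also print the offending value, with a format specifier matching the field's type, which this hunk does not show. The branch repeats the `ERROR(...)`, `seccomp_notify_default_answer(fd, req, resp, hdlr)`, `goto out` sequence of the id check right below it, so the two rejection paths could share one label or helper. Whether the received length was verified to cover all of `msg` before this field is read cannot be seen here, since seccomp_notify_handler starts and ends outside the hunk.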