Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

samples/seccomp: Zero out members based on seccomp_notif_sizes

The sizes by which seccomp_notif and seccomp_notif_resp are allocated are
based on the SECCOMP_GET_NOTIF_SIZES ioctl. This allows for graceful
extension of these data structures. If userspace zeroes out the
data structure based on its version, and it is lagging behind the kernel's
version, it will end up sending trailing garbage. On the other hand,
if it is ahead of the kernel version, it will write extra zero space,
and potentially cause corruption.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Tycho Andersen <tycho@tycho.ws>
Link: https://lore.kernel.org/r/20191230203503.4925-1-sargun@sargun.me
Fixes: fec7b6690541 ("samples: add an example of seccomp user trap")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
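The commit message describes the two failure modes of sizing a buffer by the local struct instead of by the kernel-reported size. The following is an added example, not code from the kernel sample or from the commit author: it queries the sizes the way the sample does (via the seccomp syscall, falling back to constructed values when the API is unavailable), then applies a slightly stronger rule than the patch by allocating the larger of the local and kernel sizes and zeroing that whole region before each use. The names `notif_sizes`, `notif_bufs`, `notif_alloc_size`, `uncleared_tail` and `overrun_bytes` are hypothetical helpers invented for this example; the "local" sizes passed in `main` are constructed to simulate headers one field older than the kernel.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#ifdef __linux__
#include <linux/seccomp.h>
#endif

/* Fallback for headers that predate the user-notification ABI
 * (value taken from the kernel's uapi linux/seccomp.h). */
#ifndef SECCOMP_GET_NOTIF_SIZES
#define SECCOMP_GET_NOTIF_SIZES 3
#endif

/* Local copy of the kernel's size-report structure so the example builds
 * even where <linux/seccomp.h> lacks it; layout matches the uapi header. */
struct notif_sizes {
	uint16_t seccomp_notif;
	uint16_t seccomp_notif_resp;
	uint16_t seccomp_data;
};

/* Ask the running kernel how large its seccomp_notif / seccomp_notif_resp
 * are. Returns 0 on success, -1 if the kernel or platform lacks the API. */
int query_notif_sizes(struct notif_sizes *out)
{
#if defined(__linux__) && defined(SYS_seccomp)
	if (syscall(SYS_seccomp, SECCOMP_GET_NOTIF_SIZES, 0, out) == 0)
		return 0;
#else
	(void)out;
#endif
	return -1;
}

/* Sizing rule (goes beyond the patch): the kernel touches kernel_size bytes
 * through the ioctl, our compiled struct touches local_size bytes. Taking the
 * larger is safe whether userspace lags or leads the kernel. */
size_t notif_alloc_size(size_t local_size, size_t kernel_size)
{
	return local_size > kernel_size ? local_size : kernel_size;
}

/* Bytes the pre-patch memset(req, 0, sizeof(*req)) left uncleared when the
 * kernel's struct is larger: these reached the kernel as trailing garbage. */
size_t uncleared_tail(size_t local_size, size_t kernel_size)
{
	return kernel_size > local_size ? kernel_size - local_size : 0;
}

/* Bytes the pre-patch memset wrote past malloc(kernel_size) when userspace
 * headers were newer than the kernel: the heap corruption case. */
size_t overrun_bytes(size_t local_size, size_t kernel_size)
{
	return local_size > kernel_size ? local_size - kernel_size : 0;
}

struct notif_bufs {
	void *req;  size_t req_len;
	void *resp; size_t resp_len;
};

/* Allocate both buffers with the rule above; they start zeroed. */
int notif_bufs_alloc(struct notif_bufs *b, size_t local_req, size_t kernel_req,
		     size_t local_resp, size_t kernel_resp)
{
	b->req_len = notif_alloc_size(local_req, kernel_req);
	b->resp_len = notif_alloc_size(local_resp, kernel_resp);
	b->req = calloc(1, b->req_len);
	b->resp = calloc(1, b->resp_len);
	if (!b->req || !b->resp) {
		free(b->req);
		free(b->resp);
		memset(b, 0, sizeof(*b));
		return -1;
	}
	return 0;
}

/* Per-iteration reset, as the patch does for req: clear the whole
 * allocation, not sizeof(*req), so no stale bytes reach the kernel. */
void notif_bufs_reset(struct notif_bufs *b)
{
	memset(b->req, 0, b->req_len);
	memset(b->resp, 0, b->resp_len);
}

void notif_bufs_free(struct notif_bufs *b)
{
	free(b->req);
	free(b->resp);
	memset(b, 0, sizeof(*b));
}

/* True if every byte of buf is zero (used to verify a reset). */
int all_zero(const void *buf, size_t len)
{
	const unsigned char *p = buf;
	for (size_t i = 0; i < len; i++)
		if (p[i])
			return 0;
	return 1;
}

int main(void)
{
	struct notif_sizes sizes;
	struct notif_bufs b;

	if (query_notif_sizes(&sizes) != 0) {
		/* Constructed fallback values for a dry run without the API. */
		sizes.seccomp_notif = 80;
		sizes.seccomp_notif_resp = 24;
		sizes.seccomp_data = 64;
	}
	/* Constructed "local" sizes: pretend our headers are 8 bytes older. */
	size_t local_req = 72, local_resp = 24;

	printf("old code would leave %zu request bytes uncleared\n",
	       uncleared_tail(local_req, sizes.seccomp_notif));
	if (notif_bufs_alloc(&b, local_req, sizes.seccomp_notif,
			     local_resp, sizes.seccomp_notif_resp))
		return 1;
	notif_bufs_reset(&b);
	printf("req=%zu resp=%zu bytes, all zero: %d\n", b.req_len, b.resp_len,
	       all_zero(b.req, b.req_len) && all_zero(b.resp, b.resp_len));
	notif_bufs_free(&b);
	return 0;
}
```

In a real listener loop the sizes from `query_notif_sizes` replace the constructed fallbacks, `notif_bufs_reset` runs before each `SECCOMP_IOCTL_NOTIF_RECV`, and the struct pointer used for field access is cast from `b.req`; because the allocation is never smaller than the compiled struct, those accesses stay inside the buffer even when the kernel reports a shorter size.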

Authored by Sargun Dhillon and committed by Kees Cook
771b894f fd698849

+2 -2
samples/seccomp/user-trap.c
··· 298 298 req = malloc(sizes.seccomp_notif); 299 299 if (!req) 300 300 goto out_close; 301 - memset(req, 0, sizeof(*req)); 302 301 303 302 resp = malloc(sizes.seccomp_notif_resp); 304 303 if (!resp) 305 304 goto out_req; 306 - memset(resp, 0, sizeof(*resp)); 305 + memset(resp, 0, sizes.seccomp_notif_resp); 307 306 308 307 while (1) { 308 + memset(req, 0, sizes.seccomp_notif); 309 309 if (ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, req)) { 310 310 perror("ioctl recv"); 311 311 goto out_resp;
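Review bot: the request buffer is now re-zeroed on every iteration (the added `memset(req, 0, sizes.seccomp_notif);` at the top of `while (1)`), but the response buffer is cleared only once before the loop (`memset(resp, 0, sizes.seccomp_notif_resp);` right after its malloc), so any field the per-notification code does not assign carries the previous iteration's value into the next SEND; consider moving the resp memset into the loop beside the req one so both buffers follow the same rule. Minor: `malloc(sizes.seccomp_notif_resp)` immediately followed by a full-size memset could be `calloc(1, sizes.seccomp_notif_resp)`. Using the kernel-reported sizes instead of `sizeof(*req)` / `sizeof(*resp)` is the right fix for both cases in the commit message, but note that when the compiled struct is larger than the kernel's size, field accesses through `req` and `resp` can still reach past the malloc'd region even though the memset no longer does; allocating the larger of `sizeof(*req)` and `sizes.seccomp_notif` would close that as well.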