-
Daniel P. Berrangé authoredWhen sending file descriptors over a socket, we have to allocate a data buffer to hold the FDs in the scmsghdr. Unfortunately we allocated the buffer on the stack inside an if () {} block, but called sendmsg() outside the block. So the stack bytes holding the FDs were liable to be overwritten with other data. By luck this was not a problem when sending 1 FD, but if sending 2 or more then it would fail. The fix is to simply move the variables outside the nested 'if' block. To keep valgrind quiet we also zero-initialize the 'control' buffer. Reviewed-by:
Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>Daniel P. Berrangé authoredWhen sending file descriptors over a socket, we have to allocate a data buffer to hold the FDs in the scmsghdr. Unfortunately we allocated the buffer on the stack inside an if () {} block, but called sendmsg() outside the block. So the stack bytes holding the FDs were liable to be overwritten with other data. By luck this was not a problem when sending 1 FD, but if sending 2 or more then it would fail. The fix is to simply move the variables outside the nested 'if' block. To keep valgrind quiet we also zero-initialize the 'control' buffer. Reviewed-by:Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Loading