uml: avoid crash on partial read

Coverity detected a potential dereference of uninitialized memory if recvfrom got cut short. * src/uml/uml_driver.c (umlMonitorCommand): Validate complete read prior to dereferencing res.

uml: avoid crash on partial read
Coverity detected a potential dereference of uninitialized memory if recvfrom got cut short. * src/uml/uml_driver.c (umlMonitorCommand): Validate complete read prior to dereferencing res.
4acbb298 · Eric Blake · Jim Meyering · 2103d87c · 4acbb298
隐藏空白更改
内联并排

Showing with 12 addition and 2 deletion

src/uml/uml_driver.c src/uml/uml_driver.c +12 -2

未找到文件。
--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
@@ -733,14 +733,24 @@ static int umlMonitorCommand(virConnectPtr conn,
    }
    do {
+        ssize_t nbytes;
        addrlen = sizeof(addr);
-        if (recvfrom(priv->monitor, &res, sizeof res, 0,
+        nbytes = recvfrom(priv->monitor, &res, sizeof res, 0,
-                     (struct sockaddr *)&addr, &addrlen) < 0) {
+                          (struct sockaddr *)&addr, &addrlen) < 0;
+        if (nbytes < 0) {
+            if (errno == EAGAIN || errno == EINTR)
+                continue;
            virReportSystemError(errno,
                                 _("cannot read reply %s"),
                                 cmd);
            goto error;
        }
+        if (nbytes < sizeof res) {
+            virReportSystemError(errno,
+                                 _("incomplete reply %s"),
+                                 cmd);
+            goto error;
+        }
        if (VIR_REALLOC_N(retdata, retlen + res.length) < 0) {
            virReportOOMError();