seccomp: recvmsg with MSG_TRUNC

We only read the message without the cookie. For now assert that the sender also didn't try to send more by letting `recvmsg()` return the original size of the packet if it was longer. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

seccomp: recvmsg with MSG_TRUNC
87e547d9 · Wolfgang Bumiller · 214008ee · 87e547d9
Commit 87e547d9 authored Jul 08, 2019 by Wolfgang Bumiller
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

seccomp.c src/lxc/seccomp.c +2 -1

No files found.
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1466,7 +1466,8 @@ retry:
 		goto out;
 	}

-	bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len, 0);
+	bytes = lxc_recvmsg_nointr_iov(listener_proxy_fd, iov,iov_len,
+				       MSG_TRUNC);
 	if (bytes != (ssize_t)msg_base_size) {
 		SYSERROR("Failed to receive message from seccomp proxy");
 		seccomp_notify_default_answer(fd, req, resp, hdlr);