Skip to content

L
lxc
Commit f910c9e5 by Wolfgang Bumiller
Options

seccomp: assert that __reserved is 0 in notify responses

Signed-off-by: 's avatarWolfgang Bumiller <w.bumiller@proxmox.com>
parent 4a094eec
Showing with 6 additions and 0 deletions
src/lxc/seccomp.c
...@@ -1438,6 +1438,12 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data, ...@@ -1438,6 +1438,12 @@ int seccomp_notify_handler(int fd, uint32_t events, void *data,
close_prot_errno_disarm(fd_mem); close_prot_errno_disarm(fd_mem);
if (msg.__reserved != 0) {
ERROR("Proxy filled reserved data in response");
seccomp_notify_default_answer(fd, req, resp, hdlr);
goto out;
}
if (resp->id != req_id) { if (resp->id != req_id) {
resp->id = req_id; resp->id = req_id;
ERROR("Proxy returned response with illegal id"); ERROR("Proxy returned response with illegal id");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment