Kernel: Harden sys$sendmsg / sys$recvmsg Vector usage against OOM.

author: Brian Gianforcaro <bgianf@serenityos.org> 2021-04-29 01:11:24 -0700
committer: Andreas Kling <kling@serenityos.org> 2021-04-29 20:31:15 +0200
commit: cd29eb7867c07c8236deb7650fbbb51b5a36e88e (patch)
tree: 843ef3c3f532ef2fb17e0364cc5820d5f3622153 /Kernel
parent: 6288ae2c379ed43348cf3d240376add5a9c70c0d (diff)
download: serenity-cd29eb7867c07c8236deb7650fbbb51b5a36e88e.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/Kernel/Syscalls/socket.cpp b/Kernel/Syscalls/socket.cpp
index e858898693..13ffd8d9f6 100644
--- a/Kernel/Syscalls/socket.cpp
+++ b/Kernel/Syscalls/socket.cpp
@@ -178,7 +178,8 @@ KResultOr<ssize_t> Process::sys$sendmsg(int sockfd, Userspace<const struct msghd
     if (msg.msg_iovlen != 1)
         return ENOTSUP; // FIXME: Support this :)
     Vector<iovec, 1> iovs;
-    iovs.resize(msg.msg_iovlen);
+    if (!iovs.try_resize(msg.msg_iovlen))
+        return ENOMEM;
     if (!copy_n_from_user(iovs.data(), msg.msg_iov, msg.msg_iovlen))
         return EFAULT;
 
@@ -213,7 +214,8 @@ KResultOr<ssize_t> Process::sys$recvmsg(int sockfd, Userspace<struct msghdr*> us
     if (msg.msg_iovlen != 1)
         return ENOTSUP; // FIXME: Support this :)
     Vector<iovec, 1> iovs;
-    iovs.resize(msg.msg_iovlen);
+    if (!iovs.try_resize(msg.msg_iovlen))
+        return ENOMEM;
     if (!copy_n_from_user(iovs.data(), msg.msg_iov, msg.msg_iovlen))
         return EFAULT;
author	Brian Gianforcaro <bgianf@serenityos.org>	2021-04-29 01:11:24 -0700
committer	Andreas Kling <kling@serenityos.org>	2021-04-29 20:31:15 +0200
commit	cd29eb7867c07c8236deb7650fbbb51b5a36e88e (patch)
tree	843ef3c3f532ef2fb17e0364cc5820d5f3622153 /Kernel
parent	6288ae2c379ed43348cf3d240376add5a9c70c0d (diff)
download	serenity-cd29eb7867c07c8236deb7650fbbb51b5a36e88e.zip