From 9213d1e92686ad650aa093e7e853b3996c926779 Mon Sep 17 00:00:00 2001 From: Gunnar Beutner Date: Thu, 6 May 2021 08:27:51 +0200 Subject: Kernel: Truncate UDP packets on read When reading UDP packets from userspace with recvmsg()/recv() we would hit a VERIFY() if the supplied buffer is smaller than the received UDP packet. Instead we should just return truncated data to the caller. This can be reproduced with: $ dd if=/dev/zero bs=1k count=1 | nc -u 192.168.3.190 68 --- Kernel/Net/UDPSocket.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Kernel/Net/UDPSocket.cpp') diff --git a/Kernel/Net/UDPSocket.cpp b/Kernel/Net/UDPSocket.cpp index 70a96e5066..fb08f20180 100644 --- a/Kernel/Net/UDPSocket.cpp +++ b/Kernel/Net/UDPSocket.cpp @@ -64,10 +64,10 @@ KResultOr UDPSocket::protocol_receive(ReadonlyBytes raw_ipv4_packet, Use auto& ipv4_packet = *(const IPv4Packet*)(raw_ipv4_packet.data()); auto& udp_packet = *static_cast(ipv4_packet.payload()); VERIFY(udp_packet.length() >= sizeof(UDPPacket)); // FIXME: This should be rejected earlier. - VERIFY(buffer_size >= (udp_packet.length() - sizeof(UDPPacket))); - if (!buffer.write(udp_packet.payload(), udp_packet.length() - sizeof(UDPPacket))) + size_t read_size = min(buffer_size, udp_packet.length() - sizeof(UDPPacket)); + if (!buffer.write(udp_packet.payload(), read_size)) return EFAULT; - return udp_packet.length() - sizeof(UDPPacket); + return read_size; } KResultOr UDPSocket::protocol_send(const UserOrKernelBuffer& data, size_t data_length) -- cgit v1.2.3