summaryrefslogtreecommitdiffstats
path: root/sandbox/linux/seccomp/socketcall.cc
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox/linux/seccomp/socketcall.cc')
-rw-r--r--sandbox/linux/seccomp/socketcall.cc8
1 files changed, 3 insertions, 5 deletions
diff --git a/sandbox/linux/seccomp/socketcall.cc b/sandbox/linux/seccomp/socketcall.cc
index 43116bb..497e5e2 100644
--- a/sandbox/linux/seccomp/socketcall.cc
+++ b/sandbox/linux/seccomp/socketcall.cc
@@ -288,8 +288,7 @@ bool Sandbox::process_sendmsg(int parentMapsFd, int sandboxFd, int threadFdPub,
die("Failed to read parameters for sendmsg() [process]");
}
- if (data.msg.msg_namelen < 0 || data.msg.msg_namelen > 4096 ||
- data.msg.msg_controllen < 0 || data.msg.msg_controllen > 4096) {
+ if (data.msg.msg_namelen > 4096 || data.msg.msg_controllen > 4096) {
die("Unexpected size for socketcall() payload [process]");
}
char extra[data.msg.msg_namelen + data.msg.msg_controllen];
@@ -767,7 +766,7 @@ bool Sandbox::process_socketcall(int parentMapsFd, int sandboxFd,
// Verify that the length for the payload is reasonable. We don't want to
// blow up our stack, and excessive (or negative) buffer sizes are almost
// certainly a bug.
- if (numExtraData < 0 || numExtraData > 4096) {
+ if (numExtraData > 4096) {
die("Unexpected size for socketcall() payload [process]");
}
@@ -783,8 +782,7 @@ bool Sandbox::process_socketcall(int parentMapsFd, int sandboxFd,
ssize_t numSendmsgExtra = 0;
if (socketcall_req.call == SYS_SENDMSG) {
struct msghdr* msg = reinterpret_cast<struct msghdr*>(extra);
- if (msg->msg_namelen < 0 || msg->msg_namelen > 4096 ||
- msg->msg_controllen < 0 || msg->msg_controllen > 4096) {
+ if (msg->msg_namelen > 4096 || msg->msg_controllen > 4096) {
die("Unexpected size for socketcall() payload [process]");
}
numSendmsgExtra = msg->msg_namelen + msg->msg_controllen;
generated by cgit v1.1 at 2024-09-13 04:50:53 +0000