Commit 8762e05
authored
fix(syscall): add addrlen bounds check in ff_hook_bind (#1068)
Reject bind() calls with addrlen larger than sizeof(struct sockaddr_storage)
to prevent out-of-bounds reads when copying the address into shared memory
via rte_memcpy.
Defensive hardening (low-risk; addrlen comes from the local process, not a
remote attacker). Cherry-picked from #1067; the accompanying test file in
that PR was intentionally omitted because it does not actually exercise
ff_hook_bind.1 parent 07f9bb0 commit 8762e05
1 file changed
Lines changed: 5 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
437 | 437 | | |
438 | 438 | | |
439 | 439 | | |
| 440 | + | |
| 441 | + | |
| 442 | + | |
| 443 | + | |
| 444 | + | |
440 | 445 | | |
441 | 446 | | |
442 | 447 | | |
| |||
0 commit comments