Skip to content

Commit 8762e05

Browse files
authored
fix(syscall): add addrlen bounds check in ff_hook_bind (#1068)
Reject bind() calls with addrlen larger than sizeof(struct sockaddr_storage) to prevent out-of-bounds reads when copying the address into shared memory via rte_memcpy. Defensive hardening (low-risk; addrlen comes from the local process, not a remote attacker). Cherry-picked from #1067; the accompanying test file in that PR was intentionally omitted because it does not actually exercise ff_hook_bind.
1 parent 07f9bb0 commit 8762e05

1 file changed

Lines changed: 5 additions & 0 deletions

File tree

adapter/syscall/ff_hook_syscall.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -437,6 +437,11 @@ ff_hook_bind(int fd, const struct sockaddr *addr,
437437
return -1;
438438
}
439439

440+
if (addrlen > sizeof(struct sockaddr_storage)) {
441+
errno = EINVAL;
442+
return -1;
443+
}
444+
440445
CHECK_FD_OWNERSHIP(bind, (fd, addr, addrlen));
441446

442447
DEFINE_REQ_ARGS(bind);

0 commit comments

Comments
 (0)