From 966f89d998a20eddb45666f06dd42a3c3fc94574 Mon Sep 17 00:00:00 2001
From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Wed, 5 Feb 2020 16:05:29 +0100
Subject: [PATCH] vhost: check message header size read

This patch adds a check to ensure the read size of
the Vhost-user message header is not smaller than
the expected size.

In case of unexpected read size, report an error
and close file descriptors passed with the message,
if any.

Fixes: 8f972312b8f4 ("vhost: support vhost-user")
Cc: stable@dpdk.org

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
---
 lib/librte_vhost/vhost_user.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
index 9f14ea6676..91482ccd67 100644
--- a/lib/librte_vhost/vhost_user.c
+++ b/lib/librte_vhost/vhost_user.c
@@ -2456,8 +2456,13 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg)
 
 	ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE,
 		msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num);
-	if (ret <= 0)
+	if (ret <= 0) {
 		return ret;
+	} else if (ret != VHOST_USER_HDR_SIZE) {
+		VHOST_LOG_CONFIG(ERR, "Unexpected header size read\n");
+		close_msg_fds(msg);
+		return -1;
+	}
 
 	if (msg->size) {
 		if (msg->size > sizeof(msg->payload)) {
-- 
2.20.1