connection: check for invalid items in kdbus_conn_kmsg_send()

Iterate the items and reject everything but KDBUS_ITEM_SIGMASK.

Signed-off-by: Daniel Mack <daniel@zonque.org>

diff --git a/connection.c b/connection.c
index 5e3a96cf7ad663cb625bc78f1cbd67067b98d0b1..87242298b10ffb2b9d85c095d9f30f8e91bfeee8 100644 (file)
--- a/connection.c
+++ b/connection.c
@@ -724,12 +724,22 @@ int kdbus_conn_kmsg_send(struct kdbus_ep *ep,
        struct kdbus_msg *msg = &kmsg->msg;
        struct kdbus_conn *conn_dst = NULL;
        struct kdbus_bus *bus = ep->bus;
+       struct kdbus_item *item;
        int ret = 0;
 
        /* assign domain-global message sequence number */
        if (WARN_ON(kmsg->seq > 0))
                return -EINVAL;
 
+       KDBUS_ITEMS_FOREACH(item, cmd->items, KDBUS_ITEMS_SIZE(cmd, items)) {
+               switch (item->type) {
+               case KDBUS_ITEM_SIGMASK:
+                       break;
+               default:
+                       return -EINVAL;
+               }
+       }
+
        kmsg->seq = atomic64_inc_return(&bus->domain->msg_seq_last);
 
        if (msg->dst_id == KDBUS_DST_ID_BROADCAST) {