From 612558bf7c82461909059f5e17c7621380956e85 Mon Sep 17 00:00:00 2001
From: Jiaqi Gao
Date: Sun, 3 Sep 2023 21:39:52 -0400
Subject: [PATCH] devices/vsock: check the packet length before use

The input vsock packets are untrusted and they should be checked before they can be used. We can check its length or use the `new_checked` method to make sure the read/write on the slice won't panic.

Signed-off-by: Jiaqi Gao
---
 src/devices/vsock/src/transport/virtio_pci.rs | 3 ++-
 src/devices/vsock/src/transport/vmcall.rs | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/devices/vsock/src/transport/virtio_pci.rs b/src/devices/vsock/src/transport/virtio_pci.rs
index 6d062dc0..b5a91963 100644
--- a/src/devices/vsock/src/transport/virtio_pci.rs
+++ b/src/devices/vsock/src/transport/virtio_pci.rs
@@ -230,7 +230,8 @@ impl VirtioVsock {
 .ok_or(VsockTransportError::DmaAllocation)?;
 }
- let packet_hdr = Packet::new_unchecked(&hdr_buf[..]);
+ let packet_hdr = Packet::new_checked(&hdr_buf[..])
+ .map_err(|_| VsockTransportError::InvalidVsockPacket)?;
 let data_len = packet_hdr.data_len();
 if data_len != 0 {
 if data_len > pkt[1].len {
diff --git a/src/devices/vsock/src/transport/vmcall.rs b/src/devices/vsock/src/transport/vmcall.rs
index 21324e70..ca31c6d1 100644
--- a/src/devices/vsock/src/transport/vmcall.rs
+++ b/src/devices/vsock/src/transport/vmcall.rs
@@ -94,6 +94,9 @@ impl VmcallVsock {
 let mut header = Vec::new();
 let mut data = Vec::new();
+ if pkt.len() < HEADER_LEN {
+ return Err(VsockTransportError::InvalidVsockPacket);
+ }
 // Read out the packet header into a safe place
 header.extend_from_slice(&pkt[..HEADER_LEN]);
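Review bot: In the virtio_pci.rs hunk, `Packet::new_checked(&hdr_buf[..])` validates the whole slice, so it only protects the parse if the slice length reflects what the device actually wrote. The allocation of `hdr_buf` is above the hunk; if it is a fixed-size buffer sized by this function, the check can never fail and a short write from the device would still be parsed as a full header. It is worth confirming that the length the device reported for the header descriptor is compared against the header size before `data_len()` is read. A comment on the call, `// bounds-checks the slice only; header fields such as data_len stay untrusted`, would keep later readers from treating `new_checked` as field validation. The enclosing function starts and ends outside the hunk.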
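Review bot: In the vmcall.rs hunk, the new guard bounds only the `pkt[..HEADER_LEN]` slice; the payload length carried in the copied header is still chosen by the untrusted side and needs its own bound before anything past `HEADER_LEN` is sliced. That code is below the hunk, so it may already be handled. If not, it needs the counterpart of the virtio_pci `data_len > pkt[1].len` test, comparing the header's data length with `pkt.len() - HEADER_LEN` and returning `VsockTransportError::InvalidVsockPacket`. A one-line comment on the guard, `// pkt is untrusted input: reject anything shorter than a header before slicing`, would record why it is there.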