From d9fd1d37079b7e439d2a1a12994bdbc106015d03 Mon Sep 17 00:00:00 2001
From: Michal Sekletar
Date: Wed, 30 Oct 2024 14:55:09 +0100
Subject: [PATCH] coredump: allow only empty messages after first "sentinel"

---
 src/coredump/coredump.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 209d2548c2..dc725d1b22 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -1151,8 +1151,14 @@ static int process_socket(int fd) {
 r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
 "Received unexpected file descriptors.");
 goto finish;
- } else
- cmsg_close_all(&mh);
+ }
+ cmsg_close_all(&mh);
+
+ /* Only zero length messages are allowed after the first message that carried a file descriptor. */
+ if (!first) {
+ r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Received unexpected message with non zero length.");
+ goto finish;
+ }
 
 /* Add trailing NUL byte, in case these are strings */
 ((char*) iovec.iov_base)[n] = 0;
-- 
2.25.1
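Review bot: The new `if (!first)` branch jumps to `finish` while the datagram buffer in `iovec.iov_base` is still live (the context line right after the branch writes the trailing NUL into it), and nothing in the hunk releases it on that path. Whether `finish` or a cleanup attribute on `iovec` frees that buffer is not visible here, because `process_socket` starts and ends outside the hunk; if neither does, a `free(iovec.iov_base);` before the new `goto finish;` would keep a rejected datagram from leaking its payload. Separately, the comment speaks of "the first message that carried a file descriptor" while the test is on `first`, whose assignment is not shown. Assuming the flag is cleared when the initial zero-length sentinel arrives, a wording such as `/* 'first' is cleared once the initial zero-length sentinel has been seen; every later datagram must be empty. */` would tie the comment to the variable the check actually reads.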