syscall: validate ParseUnixCredentials inputs

Don't panic, crash, or return references to uninitialized memory when
ParseUnixCredentials is passed invalid input.

Fixes #16475

Change-Id: I140d41612e8cd8caaa94be829a415159659c217b
Reviewed-on: https://go-review.googlesource.com/25154
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

diff --git a/src/syscall/sockcmsg_linux.go b/src/syscall/sockcmsg_linux.go
index 5a56b25bebba275cc6ab65ffa3abaa83953e72f7..4cb9075ba8c2b63a0405ea7b51bcd4f8e749d5d5 100644 (file)
--- a/src/syscall/sockcmsg_linux.go
+++ b/src/syscall/sockcmsg_linux.go
@@ -31,6 +31,9 @@ func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
        if m.Header.Type != SCM_CREDENTIALS {
                return nil, EINVAL
        }
+       if uintptr(len(m.Data)) < unsafe.Sizeof(Ucred{}) {
+               return nil, EINVAL
+       }
        ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
        return &ucred, nil
 }