qubes_sendmsg_all: Avoid infinite loop on empty iovec

This is currently harmless because none of the callers pass an empty iovec, but this will change in the future.
QubesOS · Feb 14, 2024 · 5f41e36 · 5f41e36
1 parent 760ba80
commit 5f41e36
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/libqrexec/ioall.c b/libqrexec/ioall.c
@@ -219,7 +219,7 @@ int copy_fd_all(int fdout, int fdin)
 
 bool qubes_sendmsg_all(struct msghdr *const msg, int const sock)
 {
-    while (msg->msg_iovlen) {
+    while (msg->msg_iovlen > 0) {
         ssize_t const res = sendmsg(sock, msg, MSG_NOSIGNAL);
         if (res < 0) {
             int const i = errno;
@@ -232,8 +232,7 @@ bool qubes_sendmsg_all(struct msghdr *const msg, int const sock)
         }
 
         size_t unsigned_res = (size_t)res;
-        while (unsigned_res) {
-            assert(msg->msg_iovlen > 0);
+        for (;;) {
             struct iovec *const v = msg->msg_iov;
             if (unsigned_res < v->iov_len) {
                 v->iov_base += unsigned_res;
@@ -243,6 +242,8 @@ bool qubes_sendmsg_all(struct msghdr *const msg, int const sock)
             unsigned_res -= msg->msg_iov[0].iov_len;
             msg->msg_iovlen--;
             msg->msg_iov++;
+            if (msg->msg_iovlen == 0)
+                return true;
         }
     }
     return true;