qubes_sendmsg_all: Avoid infinite loop on empty iovec

This is currently harmless because none of the callers pass an empty iovec, but this will change in the future.
QubesOS · Apr 11, 2024 · d8881ca · d8881ca
1 parent f8d9343
commit d8881ca
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/libqrexec/ioall.c b/libqrexec/ioall.c
@@ -219,7 +219,7 @@ int copy_fd_all(int fdout, int fdin)
 
 bool qubes_sendmsg_all(struct msghdr *const msg, int const sock)
 {
-    while (msg->msg_iovlen) {
+    while (msg->msg_iovlen > 0) {
         ssize_t const res = sendmsg(sock, msg, MSG_NOSIGNAL);
         if (res < 0) {
             int const i = errno;
@@ -232,17 +232,18 @@ bool qubes_sendmsg_all(struct msghdr *const msg, int const sock)
         }
 
         size_t unsigned_res = (size_t)res;
-        while (unsigned_res) {
-            assert(msg->msg_iovlen > 0);
+        for (;;) {
             struct iovec *const v = msg->msg_iov;
             if (unsigned_res < v->iov_len) {
                 v->iov_base += unsigned_res;
                 v->iov_len -= unsigned_res;
                 break;
             }
-            unsigned_res -= msg->msg_iov[0].iov_len;
+            unsigned_res -= v->iov_len;
             msg->msg_iovlen--;
             msg->msg_iov++;
+            if (msg->msg_iovlen == 0)
+                return true;
         }
     }
     return true;