From d8881ca2d3e05e48a273bb0afc45befb25006765 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour
Date: Tue, 13 Feb 2024 19:45:39 -0500
Subject: [PATCH] qubes_sendmsg_all: Avoid infinite loop on empty iovec

This is currently harmless because none of the callers pass an empty iovec, but this will change in the future.
---
 libqrexec/ioall.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libqrexec/ioall.c b/libqrexec/ioall.c
index 9dded24e..9530e9df 100644
--- a/libqrexec/ioall.c
+++ b/libqrexec/ioall.c
@@ -219,7 +219,7 @@ int copy_fd_all(int fdout, int fdin)
 
 bool qubes_sendmsg_all(struct msghdr *const msg, int const sock)
 {
-    while (msg->msg_iovlen) {
+    while (msg->msg_iovlen > 0) {
         ssize_t const res = sendmsg(sock, msg, MSG_NOSIGNAL);
         if (res < 0) {
             int const i = errno;
@@ -232,17 +232,18 @@ bool qubes_sendmsg_all(struct msghdr *const msg, int const sock)
         }
         size_t unsigned_res = (size_t)res;
 
-        while (unsigned_res) {
-            assert(msg->msg_iovlen > 0);
+        for (;;) {
             struct iovec *const v = msg->msg_iov;
             if (unsigned_res < v->iov_len) {
                 v->iov_base += unsigned_res;
                 v->iov_len -= unsigned_res;
                 break;
             }
-            unsigned_res -= msg->msg_iov[0].iov_len;
+            unsigned_res -= v->iov_len;
             msg->msg_iovlen--;
             msg->msg_iov++;
+            if (msg->msg_iovlen == 0)
+                return true;
         }
     }
     return true;
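Review bot: Removing `assert(msg->msg_iovlen > 0)` also removes the only check that sendmsg() did not report more bytes than the remaining iovecs hold; with the new `for (;;)`, the early `if (msg->msg_iovlen == 0) return true;` silently treats a leftover non-zero `unsigned_res` as success, although it would indicate a corrupted msghdr or a kernel bug rather than a completed send. I would keep that invariant explicit at the new return, e.g. `if (msg->msg_iovlen == 0) { assert(unsigned_res == 0); return true; }`. Separately, if sendmsg() ever returns 0 while the first iovec still has bytes, the inner loop breaks without consuming anything and the outer loop retries immediately; that should not happen on a stream socket, but since this commit is about the loop's termination a one-line comment stating that assumption above the `for (;;)` would help. The `res < 0` errno handling and the function's closing brace are outside the hunks, so I cannot tell from here how EINTR/EAGAIN are treated.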