fix(userspace/libsinsp): prevent infinite loop in ancillary data parsing due to integer overflow

Add validation in ppm_cmsg_nxthdr to ensure cmsg_aligned_len is at least
sizeof(ppm_cmsghdr) after alignment calculation. This prevents an infinite
loop when malformed ancillary data contains cmsg_len = 0xFFFFFFFFFFFFFFFF,
which causes integer overflow in PPM_CMSG_ALIGN macro, resulting in
cmsg_aligned_len = 0 and preventing forward progress in the loop.

Signed-off-by: Francesco Emmi <[email protected]>

Author: fremmi

userspace/libsinsp/parsers.cpp

@@ -3192,6 +3192,10 @@ static ppm_cmsghdr *ppm_cmsg_nxthdr(char const *msg_control,
 	}
 
 	size_t const cmsg_aligned_len = PPM_CMSG_ALIGN(cmsg_len);
+	// Guard against infinite loop: ensure we advance by at least sizeof(ppm_cmsghdr)
+	if(cmsg_aligned_len < sizeof(ppm_cmsghdr)) {
+		return nullptr;
+	}
 	cmsg = reinterpret_cast<ppm_cmsghdr *>(reinterpret_cast<char *>(cmsg) + cmsg_aligned_len);
 	if(reinterpret_cast<char *>(cmsg + 1) > msg_control + msg_controllen ||
 	   reinterpret_cast<char *>(cmsg) + cmsg_aligned_len > msg_control + msg_controllen) {