Skip to content

sync: cherry-pick for release/0.23.x #2767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
poiana merged 1 commit into from
Dec 22, 2025
Merged

sync: cherry-pick for release/0.23.x #2767

poiana merged 1 commit into from
Dec 22, 2025

Conversation

@ekoops
Copy link
Contributor

@ekoops ekoops commented Dec 22, 2025
edited
Loading

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind test

/kind feature

/kind sync

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

This PR cherry-picks from master the content of the following merged PRs:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@fremmi @ekoops
fix(userspace/libsinsp): prevent infinite loop in ancillary data pars…
c085048 
…ing due to integer overflow

Add validation in ppm_cmsg_nxthdr to ensure cmsg_aligned_len is at least
sizeof(ppm_cmsghdr) after alignment calculation. This prevents an infinite
loop when malformed ancillary data contains cmsg_len = 0xFFFFFFFFFFFFFFFF,
which causes integer overflow in PPM_CMSG_ALIGN macro, resulting in
cmsg_aligned_len = 0 and preventing forward progress in the loop.

Signed-off-by: Francesco Emmi <[email protected]>
@poiana poiana added kind/sync PRs syncing branch with changes coming from another branch release-note-none dco-signoff: yes area/libsinsp size/XS labels Dec 22, 2025
@poiana poiana requested review from irozzo-1A and terror96 December 22, 2025 14:11
@ekoops ekoops changed the title fix(userspace/libsinsp): prevent infinite loop in ancillary data pars… sync: cherry-pick for release/0.22.x Dec 22, 2025
@ekoops ekoops added this to the 0.23.0 milestone Dec 22, 2025
@poiana poiana added the lgtm label Dec 22, 2025
@ekoops ekoops changed the title sync: cherry-pick for release/0.22.x sync: cherry-pick for release/0.23.x Dec 22, 2025
@ekoops ekoops mentioned this pull request Dec 22, 2025
Open
12 tasks
deepskyblue86
deepskyblue86 approved these changes Dec 22, 2025
View reviewed changes
Copy link
Member

@deepskyblue86 deepskyblue86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@github-project-automation github-project-automation bot moved this from Todo to In progress in Falco Roadmap Dec 22, 2025
@poiana
Copy link
Contributor

poiana commented Dec 22, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deepskyblue86, ekoops, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [deepskyblue86,ekoops,leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit ed469da into falcosecurity:release/0.23.x Dec 22, 2025
89 of 92 checks passed
@github-project-automation github-project-automation bot moved this from In progress to Done in Falco Roadmap Dec 22, 2025
@ekoops ekoops deleted the ekoops/sync-release-0.23.x branch December 22, 2025 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leogr leogr leogr approved these changes

@deepskyblue86 deepskyblue86 deepskyblue86 approved these changes

@irozzo-1A irozzo-1A Awaiting requested review from irozzo-1A

@terror96 terror96 Awaiting requested review from terror96

Assignees

@leogr leogr

@deepskyblue86 deepskyblue86

Labels

approved area/libsinsp dco-signoff: yes kind/sync PRs syncing branch with changes coming from another branch lgtm release-note-none size/XS

Projects

Falco Roadmap
Status: Done

Milestone

0.23.0

Development

Successfully merging this pull request may close these issues.

5 participants

@ekoops @poiana @leogr @deepskyblue86 @fremmi