Improve commentary for prior

rsmarples · rsmarples · commit 834a322fded6 · 2025-11-18T07:29:34.000Z
diff --git a/src/privsep-root.c b/src/privsep-root.c
@@ -99,17 +99,27 @@ ps_root_readerrorcb(struct psr_ctx *psr_ctx)
 	if (eloop_waitfd(fd) == -1)
 		PSR_ERROR(errno);
 
+	/* We peek at the psr_error structure to tell us how much of a buffer
+	 * we need to read the whole packet. */
 	len = recvmsg(fd, &msg, MSG_PEEK | MSG_WAITALL);
 	if (len == -1)
 		PSR_ERROR(errno);
-	else if ((size_t)len < sizeof(*psr_error))
+
+	/* After this point, we MUST do another recvmsg even on a failure
+	 * to remove the message after peeking. */
+	if ((size_t)len < sizeof(*psr_error))
 		goto recv;
 
 	if (psr_ctx->psr_usemdata &&
 	    psr_error->psr_datalen > psr_ctx->psr_mdatalen)
 	{
 		void *d = realloc(psr_ctx->psr_mdata, psr_error->psr_datalen);
 
+		/* If we failed to malloc then psr_mdatalen will be smaller
+		 * than psr_datalen.
+		 * The following recvmsg will get MSG_TRUNC so the malloc error
+		 * will be reported there but more importantly the
+		 * message will be correctly discarded from the queue. */
 		if (d != NULL) {
 			psr_ctx->psr_mdata = d;
 			psr_ctx->psr_mdatalen = psr_error->psr_datalen;
@@ -118,7 +128,10 @@ ps_root_readerrorcb(struct psr_ctx *psr_ctx)
 	if (psr_error->psr_datalen != 0) {
 		if (psr_ctx->psr_usemdata) {
 			iov[1].iov_base = psr_ctx->psr_mdata;
-			iov[1].iov_len = psr_ctx->psr_mdatalen;
+			/* psr_mdatalen could be smaller then psr_datalen
+			 * if the above malloc failed. */
+			iov[1].iov_len =
+			    MIN(psr_ctx->psr_mdatalen, psr_ctx->psr_datalen);
 		} else {
 			iov[1].iov_base = psr_ctx->psr_data;
 			iov[1].iov_len = psr_ctx->psr_datalen;
