| Message ID | 20181010223656.31632-2-f4bug@amsat.org |
|---|---|
| State | New |
| Headers | show |
| Series | linux-user: strace improvements | expand |
On 11/10/2018 00:36, Philippe Mathieu-Daudé wrote: > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > Tested-By: Guido Günther <agx@sigxcpu.org> > Reviewed-by: Laurent Vivier <laurent@vivier.eu> > --- > linux-user/syscall.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index ae3c0dfef7..ea503381aa 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -2968,6 +2968,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, > ret = -TARGET_EINVAL; > goto fail; > } > + if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) { > + ret = -TARGET_EFAULT; > + goto fail; > + } > + > addr = alloca(addrlen); > ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, > addr, &addrlen)); > This one breaks the test recvfrom01 from the LTP testsuite ltp-full-20180515 archive. recvfrom01 3 TFAIL : recvfrom01.c:170: invalid socket buffer ; returned -1 (expected 0), errno 14 (expected 88) The testcase is with an invalid socket number (-1) and an invalid addrlen pointer. Thanks, Laurent
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index ae3c0dfef7..ea503381aa 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2968,6 +2968,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, ret = -TARGET_EINVAL; goto fail; } + if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) { + ret = -TARGET_EFAULT; + goto fail; + } + addr = alloca(addrlen); ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, addr, &addrlen));