| Message ID | 20180124130126.20871-11-f4bug@amsat.org |
|---|---|
| State | New |
| Headers | show |
| Series | linux-user: improve NETLINK strace | expand |
Le 24/01/2018 à 14:01, Philippe Mathieu-Daudé a écrit : > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- > linux-user/syscall.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 11c9116c4a..b6b9beca5b 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -4040,6 +4040,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, > ret = -TARGET_EINVAL; > goto fail; > } > + if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) { > + ret = -TARGET_EFAULT; > + goto fail; > + } > + > addr = alloca(addrlen); > ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, > addr, &addrlen)); > Even if host_to_target_sockaddr() will do the check before copying data to the target, I think it is good to check this before reading the data, so: Reviewed-by: Laurent Vivier <laurent@vivier.eu> Thanks, Laurent
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 11c9116c4a..b6b9beca5b 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -4040,6 +4040,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, ret = -TARGET_EINVAL; goto fail; } + if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) { + ret = -TARGET_EFAULT; + goto fail; + } + addr = alloca(addrlen); ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, addr, &addrlen));
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> --- linux-user/syscall.c | 5 +++++ 1 file changed, 5 insertions(+)