[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 10/11] linux-user/syscall: verify recvfrom(addr)
|
From: |
Laurent Vivier |
|
Subject: |
Re: [Qemu-devel] [PATCH 10/11] linux-user/syscall: verify recvfrom(addr) is user-writable |
|
Date: |
Thu, 15 Feb 2018 18:27:30 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 |
Le 24/01/2018 à 14:01, Philippe Mathieu-Daudé a écrit :
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
> linux-user/syscall.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 11c9116c4a..b6b9beca5b 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -4040,6 +4040,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg,
> size_t len, int flags,
> ret = -TARGET_EINVAL;
> goto fail;
> }
> + if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) {
> + ret = -TARGET_EFAULT;
> + goto fail;
> + }
> +
> addr = alloca(addrlen);
> ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
> addr, &addrlen));
>
Even if host_to_target_sockaddr() will do the check before copying data
to the target, I think it is good to check this before reading the data, so:
Reviewed-by: Laurent Vivier <address@hidden>
Thanks,
Laurent
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-devel] [PATCH 10/11] linux-user/syscall: verify recvfrom(addr) is user-writable,
Laurent Vivier <=