From nobody Tue Feb 10 22:18:44 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1516799962943445.1460796959723;
 Wed, 24 Jan 2018 05:19:22 -0800 (PST)
Received: from localhost ([::1]:48288 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1eeKxW-0007mN-6W
	for importer@patchew.org; Wed, 24 Jan 2018 08:19:22 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51062)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <philippe.mathieu.daude@gmail.com>)
	id 1eeKgi-0003Jt-1H
	for qemu-devel@nongnu.org; Wed, 24 Jan 2018 08:02:03 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <philippe.mathieu.daude@gmail.com>)
	id 1eeKgc-0005am-Jb
	for qemu-devel@nongnu.org; Wed, 24 Jan 2018 08:02:00 -0500
Received: from mail-qt0-x241.google.com ([2607:f8b0:400d:c0d::241]:46704)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <philippe.mathieu.daude@gmail.com>)
	id 1eeKgc-0005ab-Fa
	for qemu-devel@nongnu.org; Wed, 24 Jan 2018 08:01:54 -0500
Received: by mail-qt0-x241.google.com with SMTP id o35so9976201qtj.13
	for <qemu-devel@nongnu.org>; Wed, 24 Jan 2018 05:01:54 -0800 (PST)
Received: from x1.lan ([138.117.48.219]) by smtp.gmail.com with ESMTPSA id
	q26sm2037495qtl.68.2018.01.24.05.01.52
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 24 Jan 2018 05:01:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=11FNFJnLCs22JFNRBmGsRsccqRJr9MELtUsEMUFWQeE=;
	b=gXkUr7dI2KlxyiWa2vv/cMuZVlLiSZWuLk/8rF8mPejkVTV5OscaAi2LmpU/8sK9Kk
	qKig4EHUnNRefOn/sGirzEUxVoVGWedMx0MBzOgVGLqeiIXFuMTwlxAeAeIvfKjsm5XV
	Kbanb+beiR2CSucjIaSHbclIFbo0tEnBz4PuV4SyPfuhQS3x+5N9dD5uRqRgxuc6dPrd
	/iXvTAAXm2wKdLhVMRqTJxzFG4V5HgcC5rmyguAAO7V0+GnWmeKaexvCug9Xkz5NsUE8
	07Gjl1wt3nil9QCIq8mj55xSVkF22HqGc0MGf3MtK6hdFn3dY0pd459BN+UEe2k2QNyC
	+pqA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references:mime-version:content-transfer-encoding;
	bh=11FNFJnLCs22JFNRBmGsRsccqRJr9MELtUsEMUFWQeE=;
	b=Or2iTrDVzeyxV7dOINcfVmTsofFfpdtp9x+/47d1CaPvIKJhRp4NXGRRwwKgBnVzqo
	V0LegekvJIVFZBD8UzW2tXpRPnlU/EUuSEojRMe993uDl1uTb1erfg3x9LXgUIlPbGCw
	pUFjRE/Bi6KBZ3Q2wzffEdTFtAKTMsV/XlyZbzpXkmwErzwjfCBSbyRYvZR+yfoDPNhw
	e7eS7byIetll89BBHe86tGSvTPATazLDrVtU6OzmneTYPfLsX+IPSNOHYhAxWB4W+Ki9
	+Cvud3tuFtmOC/JRXWHTZL6Bt47XivCQloBjRLVxHd3RqAzYlO8H9D8WecYMv+DR7n2R
	s2RQ==
X-Gm-Message-State: AKwxyte7GJ1vaNdhNhzJM/Hm8sUvm+toEEMClRTy6o3K2BbEOm7QeD9i
	TE7mNh+9A6UywLUTeMrR2tg=
X-Google-Smtp-Source: 
 AH8x227pAWVvBOloH3XDTzMcZYUQUr0FZZPGco3YSvlkcO/LHLoAHuztD+58kjCCuBMTabgDAxMMJg==
X-Received: by 10.55.212.211 with SMTP id s80mr9075095qks.96.1516798913955;
	Wed, 24 Jan 2018 05:01:53 -0800 (PST)
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
To: Riku Voipio <riku.voipio@iki.fi>,
	Laurent Vivier <laurent@vivier.eu>
Date: Wed, 24 Jan 2018 10:01:25 -0300
Message-Id: <20180124130126.20871-11-f4bug@amsat.org>
X-Mailer: git-send-email 2.15.1
In-Reply-To: <20180124130126.20871-1-f4bug@amsat.org>
References: <20180124130126.20871-1-f4bug@amsat.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2607:f8b0:400d:c0d::241
Subject: [Qemu-devel] [PATCH 10/11] linux-user/syscall: verify
 recvfrom(addr) is user-writable
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>,
	=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>,
	qemu-devel@nongnu.org
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0

Signed-off-by: Philippe Mathieu-Daud=C3=A9 <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 11c9116c4a..b6b9beca5b 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4040,6 +4040,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, s=
ize_t len, int flags,
             ret =3D -TARGET_EINVAL;
             goto fail;
         }
+        if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) {
+            ret =3D -TARGET_EFAULT;
+            goto fail;
+        }
+
         addr =3D alloca(addrlen);
         ret =3D get_errno(safe_recvfrom(fd, host_msg, len, flags,
                                       addr, &addrlen));
--=20
2.15.1