From: Laurent Vivier
To: qemu-devel@nongnu.org
Cc: Peter Maydell, Riku Voipio, Laurent Vivier
Date: Mon, 20 Aug 2018 19:15:54 +0200
Message-Id: <20180820171557.7734-2-laurent@vivier.eu>
In-Reply-To: <20180820171557.7734-1-laurent@vivier.eu>
References: <20180820171557.7734-1-laurent@vivier.eu>
Subject: [Qemu-devel] [PATCH v2 1/4] linux-user: fix recvmsg()/recvfrom() with netlink and MSG_TRUNC

If
recvmsg()/recvfrom() are used with the MSG_TRUNC flag, they return the real length even if it was longer than the passed buffer. So when we translate the buffer we must check we don't go beyond the end of the buffer. Bug: https://github.com/vivier/qemu-m68k/issues/33 Reported-by: John Paul Adrian Glaubitz Signed-off-by: Laurent Vivier Reviewed-by: Peter Maydell --- linux-user/syscall.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index bb42a225eb..a62cd15dc7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3892,7 +3892,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct = target_msghdr *msgp, len =3D ret; if (fd_trans_host_to_target_data(fd)) { ret =3D fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_= base, - len); + MIN(msg.msg_iov->iov_len, l= en)); } else { ret =3D host_to_target_cmsg(msgp, &msg); } @@ -4169,7 +4169,12 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, s= ize_t len, int flags, } if (!is_error(ret)) { if (fd_trans_host_to_target_data(fd)) { - ret =3D fd_trans_host_to_target_data(fd)(host_msg, ret); + abi_long trans; + trans =3D fd_trans_host_to_target_data(fd)(host_msg, MIN(ret, = len)); + if (is_error(trans)) { + ret =3D trans; + goto fail; + } } if (target_addr) { host_to_target_sockaddr(target_addr, addr, addrlen); --=20 2.17.1
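Review bot: in the do_sendrecvmsg_locked hunk the bound only covers the first scatter-gather entry: MIN(msg.msg_iov->iov_len, len) caps the translation at iov[0], so for a guest msghdr with more than one iovec the bytes the kernel spread into later entries are neither translated nor bounded here. That is pre-existing (the old code already passed msg.msg_iov->iov_base alone), but a comment, or an assertion that the netlink translators are only used with a single iovec, would document the assumption. Also, since the translator's return value overwrites ret in both branches while the kernel's untruncated length is saved in len just before, please confirm that the surrounding code hands len back to the guest afterwards, otherwise MSG_TRUNC would report the translated size instead of the real length.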
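Review bot: in the do_recvfrom hunk the new goto fail adds an early exit from inside the success path after host_msg has been set up and addr possibly filled in; confirm that the fail: label (not visible in the hunk) releases whatever lock_user/unlock_user state host_msg and the address buffer hold, otherwise this error path leaks a guest mapping. Leaving ret untouched when the translator succeeds is the right call, because under MSG_TRUNC the guest must still see the kernel's full length rather than the translator's result; a one-line comment above `trans = fd_trans_host_to_target_data(fd)(host_msg, MIN(ret, len));` saying so would stop a later reader from "simplifying" it back to `ret = ...`. The same comment could note that MIN(ret, len) compares abi_long with size_t and is only safe because ret has just passed is_error, so it is known non-negative.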