From nobody Thu Apr 25 12:16:29 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (209.51.188.17 [209.51.188.17]) by mx.zohomail.com with SMTPS id 1549551271270475.92742095354436; Thu, 7 Feb 2019 06:54:31 -0800 (PST) Received: from localhost ([127.0.0.1]:41469 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1grl4L-00084Y-7w for importer@patchew.org; Thu, 07 Feb 2019 09:54:25 -0500 Received: from eggs.gnu.org ([209.51.188.92]:42165) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1grl1o-0006bR-5b for qemu-devel@nongnu.org; Thu, 07 Feb 2019 09:51:49 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1grl1k-0005GT-EE for qemu-devel@nongnu.org; Thu, 07 Feb 2019 09:51:47 -0500 Received: from mx2.suse.de ([195.135.220.15]:56596 helo=mx1.suse.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1grl1j-0005DR-Qb for qemu-devel@nongnu.org; Thu, 07 Feb 2019 09:51:44 -0500 Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 3013EB007; Thu, 7 Feb 2019 14:51:37 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de From: Andreas Schwab To: qemu-devel@nongnu.org X-Yow: Tex SEX! The HOME of WHEELS! The dripping of COFFEE!! Take me to Minnesota but don't EMBARRASS me!! Date: Thu, 07 Feb 2019 15:51:35 +0100 Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1.91 (gnu/linux) MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] X-Received-From: 195.135.220.15 Subject: [Qemu-devel] [PATCH] linux-user: fix emulation of accept4/getpeername/getsockname/recvfrom syscalls X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Riku Voipio , Laurent Vivier Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" System calls that return a socket address do so by writing the (possibly truncated) address into the provided buffer space, but setting the addrlen parameter to the actual size of the address. To determine how much to copy back to the target memory the emulation needs to remember the old value of the addrlen parameter, so that it doesn't write past the buffer limits. Signed-off-by: Andreas Schwab Reviewed-by: Laurent Vivier --- linux-user/syscall.c | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 55fa235a56..90bfda3563 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2884,7 +2884,7 @@ static abi_long do_sendrecvmmsg(int fd, abi_ulong tar= get_msgvec, static abi_long do_accept4(int fd, abi_ulong target_addr, abi_ulong target_addrlen_addr, int flags) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; abi_long ret; int host_flags; @@ -2908,10 +2908,11 @@ static abi_long do_accept4(int fd, abi_ulong target= _addr, =20 addr =3D alloca(addrlen); =20 - ret =3D get_errno(safe_accept4(fd, addr, &addrlen, host_flags)); + ret_addrlen =3D addrlen; + ret =3D get_errno(safe_accept4(fd, addr, &ret_addrlen, host_flags)); if (!is_error(ret)) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen_addr)) + host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrle= n)); + if (put_user_u32(ret_addrlen, target_addrlen_addr)) ret =3D -TARGET_EFAULT; } return ret; @@ -2921,7 +2922,7 @@ static abi_long do_accept4(int fd, abi_ulong target_a= ddr, static abi_long do_getpeername(int fd, abi_ulong target_addr, abi_ulong target_addrlen_addr) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; abi_long ret; =20 @@ -2937,10 +2938,11 @@ static abi_long do_getpeername(int fd, abi_ulong ta= rget_addr, =20 addr =3D alloca(addrlen); =20 - ret =3D get_errno(getpeername(fd, addr, &addrlen)); + ret_addrlen =3D addrlen; + ret =3D get_errno(getpeername(fd, addr, &ret_addrlen)); if (!is_error(ret)) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen_addr)) + host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrle= n)); + if (put_user_u32(ret_addrlen, target_addrlen_addr)) ret =3D -TARGET_EFAULT; } return ret; @@ -2950,7 +2952,7 @@ static abi_long do_getpeername(int fd, abi_ulong targ= et_addr, static abi_long do_getsockname(int fd, abi_ulong target_addr, abi_ulong target_addrlen_addr) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; abi_long ret; =20 @@ -2966,10 +2968,11 @@ static abi_long do_getsockname(int fd, abi_ulong ta= rget_addr, =20 addr =3D alloca(addrlen); =20 - ret =3D get_errno(getsockname(fd, addr, &addrlen)); + ret_addrlen =3D addrlen; + ret =3D get_errno(getsockname(fd, addr, &ret_addrlen)); if (!is_error(ret)) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen_addr)) + host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrle= n)); + if (put_user_u32(ret_addrlen, target_addrlen_addr)) ret =3D -TARGET_EFAULT; } return ret; @@ -3042,7 +3045,7 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, si= ze_t len, int flags, abi_ulong target_addr, abi_ulong target_addrlen) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; void *host_msg; abi_long ret; @@ -3060,10 +3063,12 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, = size_t len, int flags, goto fail; } addr =3D alloca(addrlen); + ret_addrlen =3D addrlen; ret =3D get_errno(safe_recvfrom(fd, host_msg, len, flags, - addr, &addrlen)); + addr, &ret_addrlen)); } else { addr =3D NULL; /* To keep compiler quiet. */ + addrlen =3D 0; /* To keep compiler quiet. */ ret =3D get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0)= ); } if (!is_error(ret)) { @@ -3076,8 +3081,9 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, si= ze_t len, int flags, } } if (target_addr) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen)) { + host_to_target_sockaddr(target_addr, addr, + MIN(addrlen, ret_addrlen)); + if (put_user_u32(ret_addrlen, target_addrlen)) { ret =3D -TARGET_EFAULT; goto fail; } --=20 2.20.1 --=20 Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint =3D 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different."