[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 4/7] linux-user: fix recvmsg()/recvfrom() with netlin
|
From: |
Laurent Vivier |
|
Subject: |
[Qemu-devel] [PULL 4/7] linux-user: fix recvmsg()/recvfrom() with netlink and MSG_TRUNC |
|
Date: |
Mon, 20 Aug 2018 22:26:01 +0200 |
If recvmsg()/recvfrom() are used with the MSG_TRUNC flag, they return the
real length even if it was longer than the passed buffer.
So when we translate the buffer we must check we don't go beyond the
end of the buffer.
Bug: https://github.com/vivier/qemu-m68k/issues/33
Reported-by: John Paul Adrian Glaubitz <address@hidden>
Signed-off-by: Laurent Vivier <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Message-Id: <address@hidden>
---
linux-user/syscall.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 1806b33b02..e66faf1c62 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3892,7 +3892,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct
target_msghdr *msgp,
len = ret;
if (fd_trans_host_to_target_data(fd)) {
ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
- len);
+ MIN(msg.msg_iov->iov_len, len));
} else {
ret = host_to_target_cmsg(msgp, &msg);
}
@@ -4169,7 +4169,12 @@ static abi_long do_recvfrom(int fd, abi_ulong msg,
size_t len, int flags,
}
if (!is_error(ret)) {
if (fd_trans_host_to_target_data(fd)) {
- ret = fd_trans_host_to_target_data(fd)(host_msg, ret);
+ abi_long trans;
+ trans = fd_trans_host_to_target_data(fd)(host_msg, MIN(ret, len));
+ if (is_error(trans)) {
+ ret = trans;
+ goto fail;
+ }
}
if (target_addr) {
host_to_target_sockaddr(target_addr, addr, addrlen);
--
2.17.1
- [Qemu-devel] [PULL 0/7] Linux user for 3.1 patches, Laurent Vivier, 2018/08/20
- [Qemu-devel] [PULL 7/7] linux-user: add QEMU_IFLA_INFO_KIND nested type for tun, Laurent Vivier, 2018/08/20
- [Qemu-devel] [PULL 2/7] linux-user: fix 32bit g2h()/h2g(), Laurent Vivier, 2018/08/20
- [Qemu-devel] [PULL 1/7] qemu-binfmt-conf.sh: add x86_64 target, Laurent Vivier, 2018/08/20
- [Qemu-devel] [PULL 5/7] linux-user: introduce QEMU_RTA_* to use with rtattr_type_t, Laurent Vivier, 2018/08/20
- [Qemu-devel] [PULL 6/7] linux-user: update netlink route types, Laurent Vivier, 2018/08/20
- [Qemu-devel] [PULL 3/7] sh4: fix use_icount with linux-user, Laurent Vivier, 2018/08/20
- [Qemu-devel] [PULL 4/7] linux-user: fix recvmsg()/recvfrom() with netlink and MSG_TRUNC,
Laurent Vivier <=
- Re: [Qemu-devel] [PULL 0/7] Linux user for 3.1 patches, no-reply, 2018/08/20
- Re: [Qemu-devel] [PULL 0/7] Linux user for 3.1 patches, Peter Maydell, 2018/08/21
- [Qemu-devel] [PULL 0/7] Linux user for 3.1 patches, Laurent Vivier, 2018/08/21
- [Qemu-devel] [PULL 2/7] linux-user: Split out do_syscall1, Laurent Vivier, 2018/08/21
- [Qemu-devel] [PULL 5/7] linux-user: Propagate goto unimplemented_nowarn to return, Laurent Vivier, 2018/08/21
- [Qemu-devel] [PULL 6/7] linux-user: Propagate goto unimplemented to default, Laurent Vivier, 2018/08/21
- [Qemu-devel] [PULL 7/7] linux-user: Propagate goto fail to return, Laurent Vivier, 2018/08/21
- [Qemu-devel] [PULL 1/7] linux-user: Remove DEBUG, Laurent Vivier, 2018/08/21
- [Qemu-devel] [PULL 4/7] linux-user: Propagate goto efault to return, Laurent Vivier, 2018/08/21
- [Qemu-devel] [PULL 3/7] linux-user: Relax single exit from "break", Laurent Vivier, 2018/08/21