From: Laurent Vivier <laurent@vivier.eu>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
	"Laurent Vivier" <laurent@vivier.eu>
Subject: [PULL 10/10] linux-user: Check lock_user result for ip_mreq_source sockopts
Date: Thu, 16 Sep 2021 17:12:37 +0200
Message-ID: <20210916151237.1188301-11-laurent@vivier.eu>
In-Reply-To: <20210916151237.1188301-1-laurent@vivier.eu>

From: Peter Maydell <peter.maydell@linaro.org>

In do_setsockopt(), the code path for the options which take a struct
ip_mreq_source (IP_BLOCK_SOURCE, IP_UNBLOCK_SOURCE,
IP_ADD_SOURCE_MEMBERSHIP and IP_DROP_SOURCE_MEMBERSHIP) fails to
check the return value from lock_user().  Handle this in the usual
way by returning -TARGET_EFAULT.

(In practice this was probably harmless because we'd pass a NULL
pointer to setsockopt() and the kernel would then return EFAULT.)

Fixes: Coverity CID 1459987
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210809155424.30968-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e4ffdec0d83c..544f5b662ffe 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2127,6 +2127,9 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
                 return -TARGET_EINVAL;
 
             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
+            if (!ip_mreq_source) {
+                return -TARGET_EFAULT;
+            }
             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
             unlock_user (ip_mreq_source, optval_addr, 0);
             break;
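Review bot: one style nit in the unchanged context of this hunk: `unlock_user (ip_mreq_source, optval_addr, 0);` has a space before the opening parenthesis, unlike the lock_user() and setsockopt() calls beside it; for a minimal Coverity fix it is fine to leave alone, but it is worth a follow-up cleanup. The added check itself is placed correctly: a NULL from lock_user() means nothing was locked, so the early -TARGET_EFAULT return needs no matching unlock_user(), and it sits after the existing -TARGET_EINVAL return and before the host setsockopt() call, so the only thing that was missing on this path was the guest-address check, not the length handling.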
-- 
2.31.1
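As an added illustration (not QEMU's code and not part of this patch or mail), the following C model shows the pattern the fix restores: a stand-in lock_user() that returns NULL when any byte of the requested guest range is unmapped, a stand-in for the host setsockopt() that rejects a NULL optval with EFAULT as the commit message describes, and the ip_mreq_source path both without and with the check. The guest memory layout, the model_* names, the TARGET_* values and the sample request are constructed assumptions. In this model both variants report a fault for an unmapped buffer, in line with the "probably harmless" remark above; the difference is that the checked version reports the guest-address fault itself instead of relying on the host kernel to notice a NULL pointer.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a linux-user guest address space: a single mapped
 * region of GUEST_SIZE bytes at guest address GUEST_BASE. Not QEMU code. */
typedef uint32_t abi_ulong;
typedef long abi_long;
#define TARGET_EFAULT 14
#define TARGET_EINVAL 22
#define GUEST_BASE 0x10000u
#define GUEST_SIZE 0x1000u
static uint8_t guest_ram[GUEST_SIZE];

/* Same shape as the kernel's struct ip_mreq_source: three IPv4 addresses. */
struct mreq_source { uint32_t imr_multiaddr, imr_interface, imr_sourceaddr; };

/* Model of lock_user(VERIFY_READ, addr, len, 1): a host pointer to the guest
 * range, or NULL if any byte of [addr, addr + len) lies outside mapped memory. */
static void *model_lock_user(abi_ulong addr, size_t len)
{
    if (len == 0 || len > GUEST_SIZE || addr < GUEST_BASE ||
        addr - GUEST_BASE > GUEST_SIZE - len) {
        return NULL;
    }
    return guest_ram + (addr - GUEST_BASE);
}

/* Model of unlock_user(); a length of 0 means nothing is written back. */
static void model_unlock_user(void *h, abi_ulong a, size_t l) { (void)h; (void)a; (void)l; }

/* Stand-in for the host kernel's setsockopt() on an ip_mreq_source option:
 * NULL optval -> EFAULT, wrong length -> EINVAL, otherwise the struct is
 * copied into *out so the caller can see what the kernel would have read. */
static int model_host_setsockopt(const void *optval, size_t optlen,
                                 struct mreq_source *out)
{
    if (optval == NULL) { errno = EFAULT; return -1; }
    if (optlen != sizeof *out) { errno = EINVAL; return -1; }
    memcpy(out, optval, optlen);
    return 0;
}

/* linux-user convention: a -1 from the host call becomes -errno. */
static abi_long get_errno(int ret) { return ret == -1 ? -errno : ret; }

/* Path before the patch: the lock result is forwarded unchecked, so an
 * unmapped guest buffer reaches the host call as a NULL pointer. */
static abi_long do_setsockopt_unchecked(abi_ulong optval_addr, size_t optlen,
                                        struct mreq_source *out)
{
    if (optlen != sizeof(struct mreq_source)) {
        return -TARGET_EINVAL;
    }
    void *ip_mreq_source = model_lock_user(optval_addr, optlen);
    abi_long ret = get_errno(model_host_setsockopt(ip_mreq_source, optlen, out));
    model_unlock_user(ip_mreq_source, optval_addr, 0);
    return ret;
}

/* Path after the patch: a NULL lock result is reported as -TARGET_EFAULT
 * before the host call; nothing was locked, so no unlock is needed there. */
static abi_long do_setsockopt_checked(abi_ulong optval_addr, size_t optlen,
                                      struct mreq_source *out)
{
    if (optlen != sizeof(struct mreq_source)) {
        return -TARGET_EINVAL;
    }
    void *ip_mreq_source = model_lock_user(optval_addr, optlen);
    if (!ip_mreq_source) {
        return -TARGET_EFAULT;
    }
    abi_long ret = get_errno(model_host_setsockopt(ip_mreq_source, optlen, out));
    model_unlock_user(ip_mreq_source, optval_addr, 0);
    return ret;
}

/* Constructed sample request (arbitrary values) placed at the very top of
 * mapped guest memory, so that addr + 4 already straddles the unmapped edge. */
static struct mreq_source g_seen;
static abi_ulong setup_sample_request(void)
{
    struct mreq_source req = { 0xe0000001u, 0u, 0x0a000001u };
    abi_ulong addr = GUEST_BASE + GUEST_SIZE - sizeof req;
    memcpy(guest_ram + (addr - GUEST_BASE), &req, sizeof req);
    return addr;
}

int main(void)
{
    abi_ulong good = setup_sample_request();
    size_t len = sizeof(struct mreq_source);
    printf("mapped:     %ld\n", do_setsockopt_checked(good, len, &g_seen));
    printf("unmapped:   %ld\n", do_setsockopt_checked(0x100u, len, &g_seen));
    printf("straddling: %ld\n", do_setsockopt_checked(good + 4, len, &g_seen));
    printf("unchecked:  %ld\n", do_setsockopt_unchecked(0x100u, len, &g_seen));
    return 0;
}
```

The straddling case is the one a page-granular lock_user() exists for: a buffer whose first bytes are mapped but whose tail is not must be rejected as a whole, and the NULL return is the only signal the syscall layer gets, so it has to be checked before the pointer is used or forwarded.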


Thread overview: 12+ messages
2021-09-16 15:12 [PULL 00/10] Linux user for 6.2 patches Laurent Vivier
2021-09-16 15:12 ` [PULL 01/10] linux-user: Fix coding style nits in qemu.h Laurent Vivier
2021-09-16 15:12 ` [PULL 02/10] linux-user: Split strace prototypes into strace.h Laurent Vivier
2021-09-16 15:12 ` [PULL 03/10] linux-user: Split signal-related prototypes into signal-common.h Laurent Vivier
2021-09-16 15:12 ` [PULL 04/10] linux-user: Split loader-related prototypes into loader.h Laurent Vivier
2021-09-16 15:12 ` [PULL 05/10] linux-user: Split mmap prototypes into user-mmap.h Laurent Vivier
2021-09-16 15:12 ` [PULL 06/10] linux-user: Split safe-syscall macro into its own header Laurent Vivier
2021-09-16 15:12 ` [PULL 07/10] linux-user: Split linux-user internals out of qemu.h Laurent Vivier
2021-09-16 15:12 ` [PULL 08/10] linux-user: Don't include gdbstub.h in qemu.h Laurent Vivier
2021-09-16 15:12 ` [PULL 09/10] linux-user: Drop unneeded includes from qemu.h Laurent Vivier
2021-09-16 15:12 ` [PULL 10/10] linux-user: Check lock_user result for ip_mreq_source sockopts Laurent Vivier [this message]
2021-09-17  9:05 ` [PULL 00/10] Linux user for 6.2 patches Peter Maydell
