On 12 July 2014 10:46, Joakim Tjernlund <joakim.tjernl...@transmode.se> wrote:
> ---
> linux-user/syscall.c | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 57c1664..5a07d9c 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1497,6 +1497,25 @@ set_timeout:
> unlock_user_struct(tfprog, optval_addr, 1);
> return ret;
> }
> + case TARGET_SO_BINDTODEVICE:
> + {
> + char *dev_ifname, *addr_ifname;
> +
> + dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
> + if (!dev_ifname) {
> + return -TARGET_EFAULT;
> + }
> + if (optlen > IFNAMSIZ - 1) {
> + optlen = IFNAMSIZ - 1;
> + }
This needs to go before the lock_user, not after.
> + optname = SO_BINDTODEVICE;
> + addr_ifname = alloca(IFNAMSIZ);
> + memcpy(addr_ifname, dev_ifname, IFNAMSIZ);
You can't memcpy IFNAMSIZ bytes here because your source might be shorter than that. memcpy() optlen bytes and set addr_ifname[optlen] to 0.
> + addr_ifname[IFNAMSIZ - 1] = 0;
> + ret = get_errno(setsockopt(sockfd, level, optname,
> addr_ifname, optlen));
> + unlock_user (dev_ifname, optval_addr, 0);
> + return ret;
> + }
> /* Options with 'int' argument. */
> case TARGET_SO_DEBUG:
> optname = SO_DEBUG;
> --
> 1.8.5.5
Otherwise looks good; thanks. thanks -- PMM
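Review bot: The `alloca(IFNAMSIZ)` on the `addr_ifname =` line buys nothing over an automatic array, since the size is a compile-time constant; declaring it as `char addr_ifname[IFNAMSIZ];` in the case block is clearer and avoids the unbounded-stack idiom that alloca is normally reserved for. A fixed array can also be zero-initialised, `char addr_ifname[IFNAMSIZ] = {0};`, so every byte past the copied name is defined rather than stale stack, which would matter if the host setsockopt were ever handed more than optlen bytes of it. The enclosing switch and function start and end outside this hunk, so I cannot see from here how optlen is typed or bounded before this case is reached.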