Le 24/01/2018 à 14:01, Philippe Mathieu-Daudé a écrit :
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
> ---
> linux-user/syscall.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 11c9116c4a..b6b9beca5b 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -4040,6 +4040,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg,
> size_t len, int flags,
> ret = -TARGET_EINVAL;
> goto fail;
> }
> + if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) {
> + ret = -TARGET_EFAULT;
> + goto fail;
> + }
> +
> addr = alloca(addrlen);
> ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
> addr, &addrlen));
>
Even if host_to_target_sockaddr() will do the check before copying data
to the target, I think it is good to check this before reading the data, so:
Reviewed-by: Laurent Vivier <laur...@vivier.eu>
Thanks,
Laurent
