On 11/10/2018 00:36, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
> Tested-By: Guido Günther <a...@sigxcpu.org>
> Reviewed-by: Laurent Vivier <laur...@vivier.eu>
> ---
> linux-user/syscall.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index ae3c0dfef7..ea503381aa 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -2968,6 +2968,11 @@ static abi_long do_recvfrom(int fd, abi_ulong msg,
> size_t len, int flags,
> ret = -TARGET_EINVAL;
> goto fail;
> }
> + if (!access_ok(VERIFY_WRITE, target_addr, addrlen)) {
> + ret = -TARGET_EFAULT;
> + goto fail;
> + }
> +
> addr = alloca(addrlen);
> ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
> addr, &addrlen));
>
This one breaks the test recvfrom01 from the LTP testsuite
ltp-full-20180515 archive.
recvfrom01 3 TFAIL : recvfrom01.c:170: invalid socket buffer ;
returned -1 (expected 0), errno 14 (expected 88)
The testcase is with an invalid socket number (-1) and an invalid
addrlen pointer.
Thanks,
Laurent
