Linux kernel now checks the read permissions before validating `how`
Suggested-by: Laurent Vivier <laur...@vivier.eu>
Signed-off-by: Patrick Venture <vent...@google.com>
Reviewed-by: Laurent Vivier <laur...@vivier.eu>
---
linux-user/syscall.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 34bd819e38..210483d4e4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9465,6 +9465,13 @@ static abi_long do_syscall1(void *cpu_env, int num,
abi_long arg1,
int how;
if (arg2) {
+ p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1));
+ if (!p) {
+ return -TARGET_EFAULT;
+ }
+ target_to_host_old_sigset(&set, p);
+ unlock_user(p, arg2, 0);
+ set_ptr = &set;
switch (arg1) {
case TARGET_SIG_BLOCK:
how = SIG_BLOCK;
@@ -9478,11 +9485,6 @@ static abi_long do_syscall1(void *cpu_env, int num,
abi_long arg1,
default:
return -TARGET_EINVAL;
}
- if (!(p = lock_user(VERIFY_READ, arg2,
sizeof(target_sigset_t), 1)))
- return -TARGET_EFAULT;
- target_to_host_old_sigset(&set, p);
- unlock_user(p, arg2, 0);
- set_ptr = &set;
} else {
how = 0;
set_ptr = NULL;
--
2.35.0.rc0.227.g00780c9af4-goog
