From patchwork Tue Aug 14 16:19:02 2018
X-Patchwork-Submitter: Laurent Vivier
X-Patchwork-Id: 957599
From: Laurent Vivier
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier
Date: Tue, 14 Aug 2018 18:19:02 +0200
Message-Id: <20180814161904.12216-2-laurent@vivier.eu>
In-Reply-To: <20180814161904.12216-1-laurent@vivier.eu>
References: <20180814161904.12216-1-laurent@vivier.eu>
Subject: [Qemu-devel] [PATCH 1/3] linux-user: fix recvmsg()/recvfrom() with netlink and MSG_TRUNC

If recvmsg()/recvfrom() are used with the MSG_TRUNC flag, they return the real length even if it was longer than the passed buffer.
So when we translate the buffer we must check we don't go beyond the end of the buffer. Bug: https://github.com/vivier/qemu-m68k/issues/33 Reported-by: John Paul Adrian Glaubitz Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index dfc851cc35..399da09f38 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3892,7 +3892,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, len = ret; if (fd_trans_host_to_target_data(fd)) { ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, - len); + MIN(msg.msg_iov->iov_len, len)); } else { ret = host_to_target_cmsg(msgp, &msg); } @@ -4169,7 +4169,12 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, } if (!is_error(ret)) { if (fd_trans_host_to_target_data(fd)) { - ret = fd_trans_host_to_target_data(fd)(host_msg, ret); + abi_long trans; + trans = fd_trans_host_to_target_data(fd)(host_msg, MIN(ret, len)); + if (is_error(trans)) { + ret = trans; + goto fail; + } } if (target_addr) { host_to_target_sockaddr(target_addr, addr, addrlen);
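Review bot: in the do_sendrecvmsg_locked hunk the result of the clamped call `MIN(msg.msg_iov->iov_len, len)` is still assigned straight into `ret`, so whatever the translator returns replaces the kernel's return value, whereas the do_recvfrom hunk keeps `ret` (the real, possibly truncated length that MSG_TRUNC promises the caller) and only overwrites it from a local `trans` on error. If the translator returns the length it processed, the guest sees the clamped length on this path and the real length on the other; using the same local-variable pattern in both places would keep the two paths consistent on success. Also note that `msg.msg_iov->iov_len` only bounds the first iovec, which is correct for the over-read but means any further msg_iov entries are still not translated; that is pre-existing, but a one-line comment at the call site would save the next reader the question.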
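Review bot: the do_recvfrom hunk changes more than the commit message says: besides clamping with `MIN(ret, len)`, a translation error now leaves via `goto fail` instead of falling through to `host_to_target_sockaddr()` with an error code in `ret`, so the message should mention that second behavioural change. Since this adds a path that reaches `fail:` after the receive itself has already succeeded, please confirm that the label (not visible in the hunk) releases `host_msg` and does not rely on anything only the earlier failure paths set up. The clamp itself also assumes `host_msg` was allocated with `len` bytes, which the hunk does not show; a short comment above the `MIN` stating that `len` is the guest buffer size would make the bound self-evident.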
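The behaviour the commit message relies on (the kernel reporting the real datagram length under MSG_TRUNC while writing only up to the buffer size) can be observed directly. The following is an added example, not code from the patch or from QEMU: it is a constructed scenario on an AF_UNIX datagram socketpair, assumes Linux MSG_TRUNC semantics, and uses the same `MIN(kernel_return, buffer_length)` clamp the patch applies before handing the buffer to a translator. The names `demo_msg_trunc` and `struct trunc_result` are the example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#ifndef MIN
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif

/* What one MSG_TRUNC receive looked like from the caller's side. */
struct trunc_result {
    ssize_t kernel_ret; /* value returned by recvmsg(): the real datagram length */
    size_t  usable;     /* bytes a translator may actually read from the buffer */
    int     msg_trunc;  /* 1 if the kernel set MSG_TRUNC in msg_flags */
};

/*
 * Constructed scenario (example-only): send payload_len bytes of 'A' over an
 * AF_UNIX datagram socketpair and receive them into a buf_len-byte buffer with
 * MSG_TRUNC.  Eight canary bytes after the buffer show that the kernel never
 * writes past buf_len, whatever length it reports.  Returns 0 on success and
 * -1 on a syscall failure, unexpected buffer contents or a damaged canary.
 */
int demo_msg_trunc(size_t payload_len, size_t buf_len, struct trunc_result *out)
{
    enum { CANARY = 8 };
    int sv[2];
    int rc = -1;
    unsigned char *payload = NULL;
    unsigned char *buf = NULL;
    struct iovec iov;
    struct msghdr msg;
    ssize_t ret;
    size_t i;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) {
        return -1;
    }
    payload = malloc(payload_len);
    buf = malloc(buf_len + CANARY);
    if (!payload || !buf) {
        goto out;
    }
    memset(payload, 'A', payload_len);
    memset(buf, 0, buf_len);
    memset(buf + buf_len, 0xEE, CANARY);

    if (send(sv[0], payload, payload_len, 0) != (ssize_t)payload_len) {
        goto out;
    }

    memset(&msg, 0, sizeof(msg));
    iov.iov_base = buf;
    iov.iov_len = buf_len;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    ret = recvmsg(sv[1], &msg, MSG_TRUNC);
    if (ret < 0) {
        goto out;
    }

    out->kernel_ret = ret;
    /* The patch's clamp: ret is not a bound on what is in the buffer. */
    out->usable = MIN((size_t)ret, iov.iov_len);
    out->msg_trunc = (msg.msg_flags & MSG_TRUNC) != 0;

    /* Only the clamped prefix holds payload; the canary must be untouched. */
    for (i = 0; i < out->usable; i++) {
        if (buf[i] != 'A') {
            goto out;
        }
    }
    for (i = 0; i < CANARY; i++) {
        if (buf[buf_len + i] != 0xEE) {
            goto out;
        }
    }
    rc = 0;
out:
    free(payload);
    free(buf);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    struct trunc_result r;
    if (demo_msg_trunc(100, 16, &r) != 0) {
        perror("demo_msg_trunc");
        return 1;
    }
    printf("kernel returned %zd, buffer holds %zu, MSG_TRUNC=%d\n",
           r.kernel_ret, r.usable, r.msg_trunc);
    return 0;
}
```

The point for a translator such as the one in the patch is the gap between `kernel_ret` and `usable`: a 100-byte datagram received into a 16-byte buffer reports 100, sets MSG_TRUNC, and leaves the canary intact, so any code that walks the buffer using the reported length reads 84 bytes it was never given.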