| Message ID | 1466103697-27279-2-git-send-email-laurent@vivier.eu (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 16 June 2016 at 20:01, Laurent Vivier <laurent@vivier.eu> wrote: > if we process the whole buffer, the netlink helpers can try > to swap invalid data. > > Signed-off-by: Laurent Vivier <laurent@vivier.eu> > --- > linux-user/syscall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 0b937ca..3c30437 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -2987,7 +2987,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, > len = ret; > if (fd_trans_host_to_target_data(fd)) { > ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, > - msg.msg_iov->iov_len); > + len); > } else { > ret = host_to_target_cmsg(msgp, &msg); > } Reviewed-by: Peter Maydell <peter.maydell@linaro.org> thanks -- PMM
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 0b937ca..3c30437 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2987,7 +2987,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, len = ret; if (fd_trans_host_to_target_data(fd)) { ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, - msg.msg_iov->iov_len); + len); } else { ret = host_to_target_cmsg(msgp, &msg); }
if we process the whole buffer, the netlink helpers can try to swap invalid data. Signed-off-by: Laurent Vivier <laurent@vivier.eu> --- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)