Skip to content
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

LibOS: Return -EFAULT on name = NULL for sethostname/setdomainname (UBSAN) #2102

Closed
wants to merge 3 commits into from
Closed

LibOS: Return -EFAULT on name = NULL for sethostname/setdomainname (UBSAN) #2102

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d892e21
[LibOS] Return -EFAULT on name = NULL for sethostname/setdomainname
stefanberger Jan 19, 2021
73bdfdc
[LibOS] Return -EFAULT if buf is NULL for getrandom
stefanberger Jan 19, 2021
d36fcd4
[LibOS] Return -EFAULT if msg->msg_iov is NULL for recvmsg
stefanberger Jan 19, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion LibOS/shim/src/sys/shim_getrandom.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ long shim_do_getrandom(char* buf, size_t count, unsigned int flags) {
if (count > INT_MAX)
count = INT_MAX;

if (test_user_memory(buf, count, /*write=*/true))
if (!buf || test_user_memory(buf, count, /*write=*/true))
return -EFAULT;

/* In theory, DkRandomBitsRead may block on some PALs (which conflicts with GRND_NONBLOCK flag),
Expand Down
2 changes: 1 addition & 1 deletion LibOS/shim/src/sys/shim_socket.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1154,7 +1154,7 @@ static int check_msghdr(struct msghdr* msg, bool is_recv) {
return -EMSGSIZE;
}

if (test_user_memory(msg->msg_iov, size, /*write=*/false)) {
if (!msg->msg_iov || test_user_memory(msg->msg_iov, size, /*write=*/false)) {
return -EFAULT;
}

Expand Down
4 changes: 2 additions & 2 deletions LibOS/shim/src/sys/shim_uname.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ long shim_do_sethostname(char* name, int len) {
if (len < 0 || (size_t)len >= sizeof(g_current_uname.nodename))
return -EINVAL;

if (test_user_memory(name, len, /*write=*/false))
if (!name || test_user_memory(name, len, /*write=*/false))
return -EFAULT;

memcpy(&g_current_uname.nodename, name, len);
Expand All @@ -56,7 +56,7 @@ long shim_do_setdomainname(char* name, int len) {
if (len < 0 || (size_t)len >= sizeof(g_current_uname.domainname))
return -EINVAL;

if (test_user_memory(name, len, /*write=*/false))
if (!name || test_user_memory(name, len, /*write=*/false))
return -EFAULT;

memcpy(&g_current_uname.domainname, name, len);
Expand Down