linux-user: fd_trans_host_to_target_data() must process only received data

if we process the whole buffer, the netlink helpers can try
to swap invalid data.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Laurent Vivier 2016-06-16 21:01:36 +02:00 committed by Riku Voipio
parent 84f34b00c8
commit 48dc0f2c3d

View File

@ -2991,7 +2991,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
len = ret; len = ret;
if (fd_trans_host_to_target_data(fd)) { if (fd_trans_host_to_target_data(fd)) {
ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base, ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
msg.msg_iov->iov_len); len);
} else { } else {
ret = host_to_target_cmsg(msgp, &msg); ret = host_to_target_cmsg(msgp, &msg);
} }