qemu-e2k/linux-user
Shu-Chun Weng 1645fb5a1e Fix unsigned integer underflow in fd-trans.c
In any of these `*_for_each_*` functions, if the last entry in the buffer (so the
"remaining length in the buffer" `len` is equal to the length of the
entry `nlmsg_len`/`nla_len`/etc) has a size that is not a multiple of the
alignment, the aligned lengths `*_ALIGN(*_len)` will be greater than `len`.
Since `len` is unsigned (`size_t`), it underflows and the loop will read
past the buffer.

This may manifest as random EINVAL or EOPNOTSUPP errors on IO or network
system calls.

Signed-off-by: Shu-Chun Weng <scw@google.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20191018001920.178283-1-scw@google.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-10-21 11:34:18 +02:00
..
aarch64 Supply missing header guards 2019-06-12 13:20:21 +02:00
alpha Supply missing header guards 2019-06-12 13:20:21 +02:00
arm target/arm: remove run-time semihosting checks for linux-user 2019-09-27 11:41:32 +01:00
cris Supply missing header guards 2019-06-12 13:20:21 +02:00
generic linux-user: Introduce TARGET_HAVE_ARCH_STRUCT_FLOCK 2019-07-02 16:56:46 +02:00
host linux-user: Add safe_syscall for riscv64 host 2018-12-26 06:40:02 +11:00
hppa linux-user: Make sigaltstack stacks per-thread 2019-07-26 19:24:33 +02:00
i386 Supply missing header guards 2019-06-12 13:20:21 +02:00
m68k linux-user/m68k: remove simulator syscall interface 2019-06-26 17:14:41 +02:00
microblaze Supply missing header guards 2019-06-12 13:20:21 +02:00
mips target/mips: rationalise softfloat includes 2019-08-19 12:07:13 +01:00
mips64 Supply missing header guards 2019-06-12 13:20:21 +02:00
nios2 Supply missing header guards 2019-06-12 13:20:21 +02:00
openrisc target/openrisc: Add support for ORFPX64A32 2019-09-04 12:53:33 -07:00
ppc target/ppc: fix signal delivery for ppc64abi32 2019-09-26 19:00:53 +01:00
riscv RISC-V: Update syscall list for 32-bit support. 2019-06-25 22:37:08 -07:00
s390x Supply missing header guards 2019-06-12 13:20:21 +02:00
sh4 Supply missing header guards 2019-06-12 13:20:21 +02:00
sparc Supply missing header guards 2019-06-12 13:20:21 +02:00
sparc64 Supply missing header guards 2019-06-12 13:20:21 +02:00
tilegx Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
x86_64 Supply missing header guards 2019-06-12 13:20:21 +02:00
xtensa target/xtensa: linux-user: add call0 ABI support 2019-09-11 08:47:06 +02:00
cpu_loop-common.h cpu: Replace ENV_GET_CPU with env_cpu 2019-06-10 07:03:34 -07:00
elfload.c linux-user: Support gdb 'qOffsets' query for ELF 2019-09-11 08:46:52 +02:00
errno_defs.h Supply missing header guards 2019-06-12 13:20:21 +02:00
exit.c linux-user: fix GPROF build failure 2019-05-10 12:44:23 +02:00
fd-trans.c Fix unsigned integer underflow in fd-trans.c 2019-10-21 11:34:18 +02:00
fd-trans.h linux-user: move TargetFdTrans functions to their own file 2018-09-25 22:36:47 +02:00
flat.h Supply missing header guards 2019-06-12 13:20:21 +02:00
flatload.c linux-user/flatload: fix initial stack pointer alignment 2018-10-30 11:23:32 -07:00
ioctls.h linux-user: Add support for FDRESET, FDRAWCMD, FDTWADDLE, and FDEJECT ioctls 2019-09-11 08:47:06 +02:00
linux_loop.h linux-user: Add loop control ioctls 2016-07-19 15:22:33 +03:00
linuxload.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
main.c linux-user: drop redundant handling of environment variables 2019-09-11 08:47:06 +02:00
Makefile.objs linux-user/m68k: remove simulator syscall interface 2019-06-26 17:14:41 +02:00
mmap.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
qemu.h Include qemu/queue.h slightly less 2019-08-16 13:31:52 +02:00
safe-syscall.S linux-user: Provide safe_syscall for fixing races between signals and syscalls 2016-05-27 14:49:51 +03:00
signal-common.h linux-user: Make sigaltstack stacks per-thread 2019-07-26 19:24:33 +02:00
signal.c linux-user: Make sigaltstack stacks per-thread 2019-07-26 19:24:33 +02:00
socket.h Supply missing header guards 2019-06-12 13:20:21 +02:00
strace.c linux-user: Add support for strace for statx() syscall 2019-07-02 16:56:46 +02:00
strace.list linux-user: add strace for dup3 2019-10-21 11:30:04 +02:00
syscall_defs.h linux-user: Add support for FDRESET, FDRAWCMD, FDTWADDLE, and FDEJECT ioctls 2019-09-11 08:47:06 +02:00
syscall_types.h linux-user: fix to handle variably sized SIOCGSTAMP with new kernels 2019-07-19 09:33:55 +02:00
syscall.c linux-user: Add support for FDFLUSH ioctl 2019-09-11 08:47:06 +02:00
target_flat.h Supply missing header guards 2019-06-12 13:20:21 +02:00
trace-events trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
uaccess.c avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
uname.c cpu: Replace ENV_GET_CPU with env_cpu 2019-06-10 07:03:34 -07:00
uname.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
vm86.c target/i386: Use env_cpu, env_archcpu 2019-06-10 07:03:42 -07:00