qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] linux-user: Return EINVAL for getgroups() with negative gids

From: Laurent Vivier
Subject: Re: [PATCH] linux-user: Return EINVAL for getgroups() with negative gidsetsize
Date: Fri, 2 Jun 2023 20:05:03 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 
Le 02/06/2023 à 19:48, Peter Maydell a écrit :

Coverity doesn't like the way we might end up calling getgroups()
with a NULL grouplist pointer. This is fine for the special case
of gidsetsize == 0, but we will also do it if the guest passes
us a negative gidsetsize. (CID 1512465)

Explicitly fail the negative gidsetsize with EINVAL, as the kernel
does. This means we definitely only call the libc getgroups()
with valid parameters.

Possibly Coverity may still complain about getgroups(0, NULL), but
that would be a false positive.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
  linux-user/syscall.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 89b58b386b1..29fdfdf18e4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -11574,7 +11574,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int 
num, abi_long arg1,
              g_autofree gid_t *grouplist = NULL;
              int i;
- if (gidsetsize > NGROUPS_MAX) { 
+            if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
                  return -TARGET_EINVAL;
              }
              if (gidsetsize > 0) {


Reviewed-by: Laurent Vivier <laurent@vivier.eu>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]