[PULL 13/16] linux-user: Return EINVAL for getgroups() with negative gid
From: Michael Tokarev
Subject: [PULL 13/16] linux-user: Return EINVAL for getgroups() with negative gidsetsize
Date: Sat, 10 Jun 2023 09:57:51 +0300
From: Peter Maydell <peter.maydell@linaro.org>

Coverity doesn't like the way we might end up calling getgroups()
with a NULL grouplist pointer. This is fine for the special case
of gidsetsize == 0, but we will also do it if the guest passes
us a negative gidsetsize. (CID 1512465)

Explicitly fail the negative gidsetsize with EINVAL, as the kernel
does. This means we definitely only call the libc getgroups()
with valid parameters. It also brings the getgroups() code
into line with the setgroups() code.

Possibly Coverity may still complain about getgroups(0, NULL), but
that would be a false positive.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
---
linux-user/syscall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 94256cc262..f2cb101d83 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -11676,7 +11676,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int
num, abi_long arg1,
g_autofree gid_t *grouplist = NULL;
int i;
- if (gidsetsize > NGROUPS_MAX) {
+ if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
return -TARGET_EINVAL;
}
if (gidsetsize > 0) {
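Review bot: The added `gidsetsize < 0` test in the `if` is only effective if `gidsetsize` is a signed type, and its declaration sits outside the context shown in this hunk. Please confirm it is declared signed: with an unsigned variable the comparison would always be false, and a negative guest value would still skip the `if (gidsetsize > 0)` branch and reach the host call with `grouplist` left NULL, which is the case the commit message sets out to close. As a style point, writing the range check low bound first, `if (gidsetsize < 0 || gidsetsize > NGROUPS_MAX)`, reads more naturally.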
@@ -12012,7 +12012,7 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int
num, abi_long arg1,
g_autofree gid_t *grouplist = NULL;
int i;
- if (gidsetsize > NGROUPS_MAX) {
+ if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
return -TARGET_EINVAL;
}
if (gidsetsize > 0) {
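Review bot: The bounds check in this `if` is now a character-for-character copy of the one in the hunk at -11676, and nothing in either site documents why `gidsetsize == 0` is deliberately allowed through with a NULL `grouplist`. A one-line comment above the check stating that zero is the legitimate size-query case would record the reasoning the commit message gives for treating a remaining Coverity report on getgroups(0, NULL) as a false positive, and a small shared validation helper would keep the two sites from drifting apart. The subject line also names only getgroups() while two sites change, and the visible context does not show which syscall case each hunk belongs to, so naming both in the commit message would help later readers.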
--
2.39.2