[Qemu-devel] [PATCH 1/9] linux-user: fail execve() if env/args too big
From: Stefan Hajnoczi
Subject: [Qemu-devel] [PATCH 1/9] linux-user: fail execve() if env/args too big
Date: Fri, 10 Feb 2012 11:34:05 +0000
From: Ulrich Hecht <address@hidden>
If the host's page size is equal to or smaller than the target's, native
execve() will fail appropriately with E2BIG if called with too big an
environment for the target to handle. It may falsely succeed, however, if
the host's page size is bigger, and feed the executed target process an
environment that is too big for it to handle, at which point QEMU barfs and
exits, confusing procmail's autoconf script and causing the build to fail.
This patch makes sure that execve() will return E2BIG if the environment is
too large for the target.
Signed-off-by: Ulrich Hecht <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
---
linux-user/syscall.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ee8899e..e868ec6 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4949,6 +4949,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
abi_ulong guest_envp;
abi_ulong addr;
char **q;
+ int total_size = 0;
argc = 0;
guest_argp = arg2;
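Review bot: `int total_size = 0;` accumulates `strlen()` results, which are `size_t`, and is later compared against `MAX_ARG_PAGES * TARGET_PAGE_SIZE`; a signed `int` can wrap on a pathological argument list, and a wrapped negative total would pass that comparison. Declaring it as `size_t` (or `abi_ulong`, matching the other guest-side sizes in this function) keeps the check robust.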
@@ -4980,6 +4981,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
break;
if (!(*q = lock_user_string(addr)))
goto execve_efault;
+ total_size += strlen(*q) + 1;
}
*q = NULL;
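Review bot: `total_size += strlen(*q) + 1;` counts only the bytes of each argv string plus its terminator; a short comment stating that the pointer arrays are deliberately excluded from the total would make the intent of the later comparison clear, since the same line is repeated verbatim in the envp loop below and a reader cannot tell whether that omission is intentional.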
@@ -4991,9 +4993,16 @@ abi_long do_syscall(void *cpu_env, int num, abi_long
arg1,
break;
if (!(*q = lock_user_string(addr)))
goto execve_efault;
+ total_size += strlen(*q) + 1;
}
*q = NULL;
+ /* This case will not be caught by the host's execve() if its
+ page size is bigger than the target's. */
+ if (total_size > MAX_ARG_PAGES * TARGET_PAGE_SIZE) {
+ ret = -TARGET_E2BIG;
+ goto execve_end;
+ }
if (!(p = lock_user_string(arg1)))
goto execve_efault;
ret = get_errno(execve(p, argp, envp));
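Review bot: the new `if (total_size > MAX_ARG_PAGES * TARGET_PAGE_SIZE)` check runs after both loops have already locked every argv and envp string, so the `goto execve_end` on the E2BIG path relies on `execve_end` (outside this hunk) unlocking all of them; please confirm it does, otherwise the early exit leaks locked user pages. The comment above the check would also read better if it said which sizes are being compared, e.g. "the host's execve() only enforces its own page-size-based limit, which may exceed the target's".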
--
1.7.8.3