qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] linux-user: implement TARGET_SO_PEERSEC

From: Laurent Vivier
Subject: Re: [PATCH] linux-user: implement TARGET_SO_PEERSEC
Date: Tue, 4 Feb 2020 22:10:18 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 
Le 03/02/2020 à 18:37, Laurent Vivier a écrit :
> "The purpose of this option is to allow an application to obtain the
> security credentials of a Unix stream socket peer.  It is analogous to
> SO_PEERCRED (which provides authentication using standard Unix credentials
> of pid, uid and gid), and extends this concept to other security
> models." -- https://lwn.net/Articles/62370/
> 
> Until now it was passed to the kernel with an "int" argument and
> fails when it was supported by the host because the parameter is
> like a filename: it is always a \0-terminated string with no embedded
> \0 characters, but is not guaranteed to be ASCII or UTF-8.
> 
> I've tested the option with the following program:
> 
>     /*
>      * cc -o getpeercon getpeercon.c
>      */
> 
>     #include <stdio.h>
>     #include <sys/types.h>
>     #include <sys/socket.h>
>     #include <netinet/in.h>
>     #include <arpa/inet.h>
> 
>     int main(void)
>     {
>         int fd;
>         struct sockaddr_in server, addr;
>         int ret;
>         socklen_t len;
>         char buf[256];
> 
>         fd = socket(PF_INET, SOCK_STREAM, 0);
>         if (fd == -1) {
>             perror("socket");
>             return 1;
>         }
> 
>         server.sin_family = AF_INET;
>         inet_aton("127.0.0.1", &server.sin_addr);
>         server.sin_port = htons(40390);
> 
>         connect(fd, (struct sockaddr*)&server, sizeof(server));
> 
>         len = sizeof(buf);
>         ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &len);
>         if (ret == -1) {
>             perror("getsockopt");
>             return 1;
>         }
>         printf("%d %s\n", len, buf);
>         return 0;
>     }
> 
> On host:
> 
>   $ ./getpeercon
>   33 system_u:object_r:unlabeled_t:s0
> 
> With qemu-aarch64/bionic without the patch:
> 
>   $ ./getpeercon
>   getsockopt: Numerical result out of range
> 
> With the patch:
> 
>   $ ./getpeercon
>   33 system_u:object_r:unlabeled_t:s0
> 
> Bug: https://bugs.launchpad.net/qemu/+bug/1823790
> Reported-by: Matthias Lüscher <address@hidden>
> Tested-by: Matthias Lüscher <address@hidden>
> Signed-off-by: Laurent Vivier <address@hidden>
> ---
>  linux-user/syscall.c | 22 ++++++++++++++++++++++
>  1 file changed, 22 insertions(+)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index d60142f0691c..5f37e62772de 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -2344,6 +2344,28 @@ static abi_long do_getsockopt(int sockfd, int level, 
> int optname,
>              }
>              break;
>          }
> +        case TARGET_SO_PEERSEC: {
> +            char *name;
> +
> +            if (get_user_u32(len, optlen)) {
> +                return -TARGET_EFAULT;
> +            }
> +            if (len < 0) {
> +                return -TARGET_EINVAL;
> +            }
> +            name = lock_user(VERIFY_WRITE, optval_addr, len, 0);
> +            if (!name) {
> +                return -TARGET_EFAULT;
> +            }
> +            lv = len;
> +            ret = get_errno(getsockopt(sockfd, level, SO_PEERSEC,
> +                                       name, &lv));
> +            if (put_user_u32(lv, optlen)) {
> +                ret = -TARGET_EFAULT;
> +            }
> +            unlock_user(name, optval_addr, 0);

There is an error here, "0" must be "lv".

I update and resend.

Thanks,
Laurent
reply via email to
[Prev in Thread] Current Thread [Next in Thread]