p71924506
/
kernel_liteos_a
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix: SIOCGIFCONF ioctl malloc size error in kernel 

use struct ifconf and ifc_buf size malloc memory

close: #I3XEZ3

Signed-off-by: liujiandong <liujiandong1@huawei.com>
This commit is contained in:
YOUR_NAME 2021-06-23 15:24:50 +08:00
parent 8a3d188240
commit bfd27e78b2
1 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
net/lwip-2.1/porting/src/sockets.c
View File

@ -1468,6 +1468,51 @@ static err_t lwip_do_ioctl_impl(struct tcpip_api_call_data *call)
#include "los_vm_map.h"
#include "user_copy.h"
static int do_ioctl_SIOCGIFCONF(int sockfd, long cmd, void *argp)
{
int nbytes;
struct ifconf ifc;
char *buf_bak = NULL;
int ret;
if (LOS_ArchCopyFromUser(&ifc, argp, sizeof(struct ifconf)) != 0) {
set_errno(EFAULT);
return -1;
}
nbytes = ifc.ifc_len;
if (nbytes < 0) {
set_errno(EINVAL);
return -1;
}
buf_bak = ifc.ifc_buf;
if (!LOS_IsUserAddress((VADDR_T)(uintptr_t)buf_bak)) {
set_errno(EFAULT);
return -1;
}
ifc.ifc_buf = malloc(nbytes);
if (ifc.ifc_buf == NULL) {
set_errno(ENOMEM);
return -1;
}
(void)memset_s(ifc.ifc_buf, nbytes, 0, nbytes);
ret = lwip_ioctl(sockfd, cmd, &ifc);
if (ret == 0) {
if (LOS_ArchCopyToUser(buf_bak, ifc.ifc_buf, nbytes) != 0) {
set_errno(EFAULT);
ret = -1;
}
}
free(ifc.ifc_buf);
ifc.ifc_buf = buf_bak;
if (LOS_ArchCopyToUser(argp, &ifc, sizeof(struct ifconf)) != 0) {
set_errno(EFAULT);
ret = -1;
}
return ret;
}
int socks_ioctl(int sockfd, long cmd, void *argp)
{
void *argpbak = argp;
@ -1483,11 +1528,12 @@ int socks_ioctl(int sockfd, long cmd, void *argp)
case SIOCADDRT:
nbytes = sizeof(struct rtentry);
break;
case SIOCGIFCONF:
return do_ioctl_SIOCGIFCONF(sockfd, cmd, argp);
case SIOCSIPV6DAD:
case SIOCGIPV6DAD:
case SIOCSIPV6DPCTD:
case SIOCGIPV6DPCTD:
case SIOCGIFCONF:
case SIOCGIFADDR:
case SIOCSIFADDR:
case SIOCDIFADDR: