
Commit 55b4f73

yamtlum1n0us
authored andcommitted
libc-wasi: add missing pointer validations to socket functions (#4611)
cf. #4463 the fix for sock_addr_resolve is incomplete. cf. #4610
1 parent 6450d87 commit 55b4f73

1 file changed

Lines changed: 35 additions & 0 deletions


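--- a/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c
+++ b/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c
@@ -1161,6 +1161,9 @@ wasi_sock_accept(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_fdflags_t flags,
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(fd_new, sizeof(*fd_new)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 
 return wasi_ssp_sock_accept(exec_env, curfds, fd, flags, fd_new);
@@ -1219,6 +1222,19 @@ wasi_sock_addr_resolve(wasm_exec_env_t exec_env, const char *host,
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(hints, sizeof(*hints)))
+return __WASI_EINVAL;
+
+uint64_t addr_info_byte_size = sizeof(*addr_info) * addr_info_size;
+if (addr_info_byte_size / addr_info_size != sizeof(*addr_info))
+return __WASI_EINVAL;
+
+if (!validate_native_addr(addr_info, addr_info_byte_size))
+return __WASI_EINVAL;
+
+if (!validate_native_addr(max_info_size, sizeof(*max_info_size)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 ns_lookup_list = wasi_ctx_get_ns_lookup_list(wasi_ctx);
 
@@ -1238,6 +1254,9 @@ wasi_sock_bind(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(addr, sizeof(*addr)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1264,6 +1283,9 @@ wasi_sock_connect(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(addr, sizeof(*addr)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1643,6 +1665,9 @@ wasi_sock_open(wasm_exec_env_t exec_env, wasi_fd_t poolfd,
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(sockfd, sizeof(*sockfd)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 
 return wasi_ssp_sock_open(exec_env, curfds, poolfd, af, socktype, sockfd);
@@ -2082,6 +2107,10 @@ wasi_sock_recv_from(wasm_exec_env_t exec_env, wasi_fd_t sock,
 return __WASI_EINVAL;
 }
 
+/* note: src_addr is NULL when called by wasi_sock_recv */
+if (src_addr != NULL && !validate_native_addr(src_addr, sizeof(*src_addr)))
+return __WASI_EINVAL;
+
 if (!validate_native_addr(ro_data_len, (uint64)sizeof(uint32)))
 return __WASI_EINVAL;
 
@@ -2121,6 +2150,9 @@ wasi_sock_recv(wasm_exec_env_t exec_env, wasi_fd_t sock, iovec_app_t *ri_data,
 __wasi_addr_t src_addr;
 wasi_errno_t error;
 
+if (!validate_native_addr(ro_data_len, sizeof(*ro_data_len)))
+return __WASI_EINVAL;
+
 if (!validate_native_addr(ro_flags, (uint64)sizeof(wasi_roflags_t)))
 return __WASI_EINVAL;
 
@@ -2228,6 +2260,9 @@ wasi_sock_send_to(wasm_exec_env_t exec_env, wasi_fd_t sock,
 return __WASI_EINVAL;
 }
 
+if (!validate_native_addr((void *)dest_addr, sizeof(*dest_addr)))
+return __WASI_EINVAL;
+
 if (!validate_native_addr(so_data_len, (uint64)sizeof(uint32)))
 return __WASI_EINVAL;
 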
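Review bot: In the wasi_sock_addr_resolve hunk, the overflow check `addr_info_byte_size / addr_info_size != sizeof(*addr_info)` divides by `addr_info_size`, and nothing visible in the hunk rules out a zero count, so a guest that passes 0 would make the host divide by zero instead of getting an errno back. Guarding the division keeps the check total: `if (addr_info_size != 0 && addr_info_byte_size / addr_info_size != sizeof(*addr_info))`. Separately, the product is only computed in 64 bits when one operand is already 64 bits wide; writing `(uint64_t)sizeof(*addr_info) * addr_info_size` makes the result independent of the host's `size_t`. The function's signature and the rest of its body lie outside the hunk, so an earlier zero check may exist there; if it does, a one-line comment saying so next to the division would help.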
