Package: qemu Version: 0.7.0-4 Tags: patch The earlier patch that handles the kernel-version sysctl runs tswapl on each scalar argument in struct __sysctl_args, but it does not run tswapl on the individual entries of the name array that args->name points to, so the name elements are still read in guest byte order. The attached patch fixes this problem.
- Josh Triplett
--- qemu-0.7.0/linux-user/syscall.c 2005-10-17 18:20:46.000000000 -0700
+++ qemu-0.7.0.new/linux-user/syscall.c 2005-10-17 18:21:15.000000000 -0700
@@ -2768,11 +2768,13 @@
 break;
 case TARGET_NR__sysctl:
 {
+ int i;
 struct __sysctl_args *args = (struct __sysctl_args *) arg1;
- int *name, nlen, *oldlenp, oldlen, newlen;
+ int *namep, nlen, *oldlenp, oldlen, newlen;
+ int name[CTL_MAXNAME];
 void *oldval, *newval;
- name = (int *) tswapl((long) args->name);
+ namep = (int *) tswapl((long) args->name);
 nlen = tswapl(args->nlen);
 oldval = (void *) tswapl((long) args->oldval);
 oldlenp = (int *) tswapl((long) args->oldlenp);
@@ -2780,6 +2782,14 @@
 newval = (void *) tswapl((long) args->newval);
 newlen = tswapl(args->newlen);
+ if (nlen <= 0 || nlen >= CTL_MAXNAME) {
+ gemu_log("qemu: sysctl with bad nlen");
+ ret = -ENOTDIR;
+ }
+
+ for(i = 0; i < nlen; i++)
+ name[i] = tswapl(namep[i]);
+
 if (nlen == 2 && name[0] == CTL_KERN && name[1] == KERN_VERSION) {
 ret = get_errno( sysctl(name, nlen, oldval, &oldlen, newval, newlen));
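Review bot: The new `int name[CTL_MAXNAME]` declared in the first hunk is only as safe as the nlen guard that follows it, and that guard does not stop the copy: after `ret = -ENOTDIR;` control falls straight into `for(i = 0; i < nlen; i++) name[i] = tswapl(namep[i]);`, so a guest-supplied nlen larger than CTL_MAXNAME (both nlen and namep come from the guest's __sysctl_args) overruns the stack array and also reads past the guest buffer. The guard should leave the case, e.g. `ret = -ENOTDIR; break;`, which matches how the preceding case exits the switch at the top of the first hunk. Separately, the name entries are C `int`s while `tswapl` swaps a target `long`, so on a 64-bit target the element swap looks wrong; `name[i] = tswap32(namep[i]);` is presumably what is intended — confirm against the tswap macros in this version. `namep` is also a guest address dereferenced directly with no access check; whether this tree has a helper for that is not visible here, and the case body continues past the end of the second hunk.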