summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls/linux
diff options
context:
space:
mode:
authorNicolas Lacasse <nlacasse@google.com>2018-06-28 12:54:14 -0700
committerShentubot <shentubot@google.com>2018-06-28 12:55:18 -0700
commit1ceed49ba94c139be274fe5eaf367201ab0042a6 (patch)
tree9e55d2f3f6dbd1e74376bbaf02a8dc42174fece4 /pkg/sentry/syscalls/linux
parent8459390cdd81ef1c8180948566e893b06233923c (diff)
Check for invalid offset when submitting an AIO read/write request.
PiperOrigin-RevId: 202528335 Change-Id: Ic32312cf4337bcb40a7155cb2174e5cd89a280f7
Diffstat (limited to 'pkg/sentry/syscalls/linux')
-rw-r--r--pkg/sentry/syscalls/linux/sys_aio.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_aio.go b/pkg/sentry/syscalls/linux/sys_aio.go
index 80407a082..470027206 100644
--- a/pkg/sentry/syscalls/linux/sys_aio.go
+++ b/pkg/sentry/syscalls/linux/sys_aio.go
@@ -319,6 +319,14 @@ func submitCallback(t *kernel.Task, id uint64, cb *ioCallback, cbAddr usermem.Ad
return err
}
+ // Check offset for reads/writes.
+ switch cb.OpCode {
+ case _IOCB_CMD_PREAD, _IOCB_CMD_PREADV, _IOCB_CMD_PWRITE, _IOCB_CMD_PWRITEV:
+ if cb.Offset < 0 {
+ return syserror.EINVAL
+ }
+ }
+
// Prepare the request.
ctx, ok := t.MemoryManager().LookupAIOContext(t, id)
if !ok {