Check for invalid offset when submitting an AIO read/write request.

PiperOrigin-RevId: 202528335 Change-Id: Ic32312cf4337bcb40a7155cb2174e5cd89a280f7
author: Nicolas Lacasse <nlacasse@google.com> 2018-06-28 12:54:14 -0700
committer: Shentubot <shentubot@google.com> 2018-06-28 12:55:18 -0700
commit: 1ceed49ba94c139be274fe5eaf367201ab0042a6 (patch)
tree: 9e55d2f3f6dbd1e74376bbaf02a8dc42174fece4 /pkg/sentry/syscalls
parent: 8459390cdd81ef1c8180948566e893b06233923c (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_aio.go b/pkg/sentry/syscalls/linux/sys_aio.go
index 80407a082..470027206 100644
--- a/pkg/sentry/syscalls/linux/sys_aio.go
+++ b/pkg/sentry/syscalls/linux/sys_aio.go
@@ -319,6 +319,14 @@ func submitCallback(t *kernel.Task, id uint64, cb *ioCallback, cbAddr usermem.Ad
 		return err
 	}
 
+	// Check offset for reads/writes.
+	switch cb.OpCode {
+	case _IOCB_CMD_PREAD, _IOCB_CMD_PREADV, _IOCB_CMD_PWRITE, _IOCB_CMD_PWRITEV:
+		if cb.Offset < 0 {
+			return syserror.EINVAL
+		}
+	}
+
 	// Prepare the request.
 	ctx, ok := t.MemoryManager().LookupAIOContext(t, id)
 	if !ok {
author	Nicolas Lacasse <nlacasse@google.com>	2018-06-28 12:54:14 -0700
committer	Shentubot <shentubot@google.com>	2018-06-28 12:55:18 -0700
commit	1ceed49ba94c139be274fe5eaf367201ab0042a6 (patch)
tree	9e55d2f3f6dbd1e74376bbaf02a8dc42174fece4 /pkg/sentry/syscalls
parent	8459390cdd81ef1c8180948566e893b06233923c (diff)