From 10426e0f31e427e90e69fee83f199ea521b8fe3d Mon Sep 17 00:00:00 2001
From: Fabricio Voznika
Date: Mon, 25 Feb 2019 12:16:44 -0800
Subject: Handle invalid offset in sendfile(2)
PiperOrigin-RevId: 235578698
Change-Id: I608ff5e25eac97f6e1bda058511c1f82b0e3b736
---
pkg/sentry/syscalls/linux/sys_file.go | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
(limited to 'pkg')
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 7ad0c9517..cf6fdc190 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -2022,7 +2022,6 @@ func Sendfile(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
 }
 // Setup for sending data.
- var offset uint64
 var n int64
 var err error
 w := &fs.FileWriter{t, outFile}
@@ -2034,14 +2033,18 @@ func Sendfile(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
 return 0, nil, syserror.ESPIPE
 }
 // Copy in the offset.
+ var offset int64
 if _, err := t.CopyIn(offsetAddr, &offset); err != nil {
 return 0, nil, err
 }
+ if offset < 0 {
+ return 0, nil, syserror.EINVAL
+ }
 // Send data using Preadv.
- r := io.NewSectionReader(&fs.FileReader{t, inFile}, int64(offset), count)
+ r := io.NewSectionReader(&fs.FileReader{t, inFile}, offset, count)
 n, err = io.Copy(w, r)
 // Copy out the new offset.
- if _, err := t.CopyOut(offsetAddr, n+int64(offset)); err != nil {
+ if _, err := t.CopyOut(offsetAddr, n+offset); err != nil {
 return 0, nil, err
 }
 // If we don't have a provided offset.
--
cgit v1.2.3
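Review bot: The added `offset < 0` check in the second hunk bounds the user-supplied offset only from below, so a large positive value still reaches `io.NewSectionReader(..., offset, count)` and the `n+offset` written back by `CopyOut`, where `offset + count` can exceed the int64 range. How the section reader treats a wrapped limit depends on the Go version, so the syscall should reject the case itself right after the negative check, e.g. `if offset > math.MaxInt64-count { return 0, nil, syserror.EINVAL }` (or whichever errno the sentry uses for Linux's overflow case). This assumes `count` was already validated as non-negative earlier in Sendfile, which is outside the hunk. A short comment such as `// offset is read from user memory; validate both bounds before use.` would make the trust boundary explicit. Sendfile starts and ends outside this hunk, so the handling of the `io.Copy` error is not visible here.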