aee924b [0] introduced a bug where any return value of sock_net_file_get
that is an error code but *not -EBADF* will result in a crash.
Assume a situation where sock_net_file_get(i) returns an error-encoded
file that is not -EBADF (e.g., -EINVAL): that file will go through the
if (PTR2ERR(file) == -EBADF)
check and pass it, moving on to
if (maxfd < file->sock_fd)
where the error-encoded pointer is dereferenced, resulting in a crash.
[0] https://github.com/hlef/lib-lwip/commit/
aee924ba854034f8b085a4298
Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@manchester.ac.uk>
Reviewed-by: Cezar Craciunoiu <cezar.craciunoiu@gmail.com>
Approved-by: Simon Kuenzer <simon.kuenzer@neclab.eu>
Tested-by: Unikraft CI <monkey@unikraft.io>
GitHub-Pull-Request: #14
FD_CLR(i, readfds);
continue;
}
-#else
+#endif
LWIP_DEBUGF(SOCKETS_DEBUG,
("failed to identify socket descriptor\n"));
ret = -1;
/* Setting the errno */
SOCK_NET_SET_ERRNO(PTR2ERR(file));
goto EXIT;
-#endif
}
if (maxfd < file->sock_fd)
maxfd = file->sock_fd;
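Review bot: The `#endif` that now closes the -EBADF special case in the readfds branch has no comment recording the invariant this fix restores, namely that every other error code must fall through to the `goto EXIT` path. I would add `/* any error other than -EBADF is fatal: file is error-encoded and must not reach file->sock_fd */` directly after it, and the same in the writefds and exceptfds hunks below. Because the identical block appears three times, a small static helper that resolves the descriptor and reports skip, fail or ok would keep the three paths from drifting apart again. The opening `#if` and the enclosing error check on `file` start outside the hunk, so this assumes they are unchanged.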
FD_CLR(i, writefds);
continue;
}
-#else
+#endif
LWIP_DEBUGF(SOCKETS_DEBUG,
("failed to identify socket descriptor\n"));
ret = -1;
/* Setting the errno */
SOCK_NET_SET_ERRNO(PTR2ERR(file));
goto EXIT;
-#endif
}
if (maxfd < file->sock_fd)
maxfd = file->sock_fd;
FD_CLR(i, exceptfds);
continue;
}
-#else
+#endif
LWIP_DEBUGF(SOCKETS_DEBUG,
("failed to identify socket descriptor\n"));
ret = -1;
/* Setting the errno */
SOCK_NET_SET_ERRNO(PTR2ERR(file));
goto EXIT;
-#endif
}
if (maxfd < file->sock_fd)
maxfd = file->sock_fd;