From: Hugo Lefeuvre
Date: Fri, 26 Nov 2021 14:23:11 +0000 (+0100)
Subject: sockets.c: fix crash when handling invalid/unsupported FDs
X-Git-Tag: RELEASE-0.6~1
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=5f399bbec0bafbf5d5c1d976fc2588a5a7b99651;p=unikraft%2Flibs%2Flwip.git

sockets.c: fix crash when handling invalid/unsupported FDs

aee924b [0] introduced a bug where any return value of sock_net_file_get that is an error code but *not -EBADF* will result in a crash.

Assume a situation where sock_net_file_get(i) returns an error-encoded file that is not -EBADF (e.g., -EINVAL): that file will go through the if (PTR2ERR(file) == -EBADF) check and pass it, moving on to if (maxfd < file->sock_fd) where the error-encoded pointer is dereferenced, resulting in a crash.

[0] https://github.com/hlef/lib-lwip/commit/aee924ba854034f8b085a4298

Signed-off-by: Hugo Lefeuvre
Reviewed-by: Cezar Craciunoiu
Approved-by: Simon Kuenzer
Tested-by: Unikraft CI
GitHub-Pull-Request: #14
---
diff --git a/sockets.c b/sockets.c index 8b00711..7db82c7 100644 --- a/sockets.c +++ b/sockets.c @@ -538,14 +538,13 @@ int select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, FD_CLR(i, readfds); continue; } -#else +#endif LWIP_DEBUGF(SOCKETS_DEBUG, ("failed to identify socket descriptor\n")); ret = -1; /* Setting the errno */ SOCK_NET_SET_ERRNO(PTR2ERR(file)); goto EXIT; -#endif } if (maxfd < file->sock_fd) maxfd = file->sock_fd; @@ -561,14 +560,13 @@ int select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, FD_CLR(i, writefds); continue; } -#else +#endif LWIP_DEBUGF(SOCKETS_DEBUG, ("failed to identify socket descriptor\n")); ret = -1; /* Setting the errno */ SOCK_NET_SET_ERRNO(PTR2ERR(file)); goto EXIT; -#endif } if (maxfd < file->sock_fd) maxfd = file->sock_fd; 
@@ -584,14 +582,13 @@ int select(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, FD_CLR(i, exceptfds); continue; } -#else +#endif LWIP_DEBUGF(SOCKETS_DEBUG, ("failed to identify socket descriptor\n")); ret = -1; /* Setting the errno */ SOCK_NET_SET_ERRNO(PTR2ERR(file)); goto EXIT; -#endif } if (maxfd < file->sock_fd) maxfd = file->sock_fd;
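Review bot: In all three hunks (the readfds, writefds and exceptfds loops) the failure path that now sits after #endif jumps to EXIT even though earlier iterations of the same loop may already have executed FD_CLR(i, ...) followed by continue, so a caller can receive -1 with its fd_sets partially cleared. Consider collecting the descriptors to clear and applying them only after the whole scan has succeeded, or state in a comment that the sets are undefined on error. The block made up of LWIP_DEBUGF, ret = -1, SOCK_NET_SET_ERRNO(PTR2ERR(file)) and goto EXIT is also repeated verbatim three times; a shared error label or a small helper would keep the three loops from drifting apart again. Since this path was previously compiled only in the #else case and is now reached whenever the preceding branch does not continue, the debug message would be more useful if it printed i and PTR2ERR(file) rather than only "failed to identify socket descriptor".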