
Commit 5e779b3

libc-wasi: add missing pointer validations to socket functions (#4611)
cf. #4463 the fix for sock_addr_resolve is incomplete. cf. #4610
1 parent 4f86468 commit 5e779b3


1 file changed

+35
-0
lines changed


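--- a/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c
+++ b/core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c
@@ -1159,6 +1159,9 @@ wasi_sock_accept(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_fdflags_t flags,
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(fd_new, sizeof(*fd_new)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 
 return wasi_ssp_sock_accept(exec_env, curfds, fd, flags, fd_new);
@@ -1217,6 +1220,19 @@ wasi_sock_addr_resolve(wasm_exec_env_t exec_env, const char *host,
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(hints, sizeof(*hints)))
+return __WASI_EINVAL;
+
+uint64_t addr_info_byte_size = sizeof(*addr_info) * addr_info_size;
+if (addr_info_byte_size / addr_info_size != sizeof(*addr_info))
+return __WASI_EINVAL;
+
+if (!validate_native_addr(addr_info, addr_info_byte_size))
+return __WASI_EINVAL;
+
+if (!validate_native_addr(max_info_size, sizeof(*max_info_size)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 ns_lookup_list = wasi_ctx_get_ns_lookup_list(wasi_ctx);
 
@@ -1236,6 +1252,9 @@ wasi_sock_bind(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(addr, sizeof(*addr)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1262,6 +1281,9 @@ wasi_sock_connect(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(addr, sizeof(*addr)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1641,6 +1663,9 @@ wasi_sock_open(wasm_exec_env_t exec_env, wasi_fd_t poolfd,
 if (!wasi_ctx)
 return __WASI_EACCES;
 
+if (!validate_native_addr(sockfd, sizeof(*sockfd)))
+return __WASI_EINVAL;
+
 curfds = wasi_ctx_get_curfds(wasi_ctx);
 
 return wasi_ssp_sock_open(exec_env, curfds, poolfd, af, socktype, sockfd);
@@ -2080,6 +2105,10 @@ wasi_sock_recv_from(wasm_exec_env_t exec_env, wasi_fd_t sock,
 return __WASI_EINVAL;
 }
 
+/* note: src_addr is NULL when called by wasi_sock_recv */
+if (src_addr != NULL && !validate_native_addr(src_addr, sizeof(*src_addr)))
+return __WASI_EINVAL;
+
 if (!validate_native_addr(ro_data_len, (uint64)sizeof(uint32)))
 return __WASI_EINVAL;
 
@@ -2118,6 +2147,9 @@ wasi_sock_recv(wasm_exec_env_t exec_env, wasi_fd_t sock, iovec_app_t *ri_data,
 wasm_module_inst_t module_inst = get_module_inst(exec_env);
 wasi_errno_t error;
 
+if (!validate_native_addr(ro_data_len, sizeof(*ro_data_len)))
+return __WASI_EINVAL;
+
 if (!validate_native_addr(ro_flags, (uint64)sizeof(wasi_roflags_t)))
 return __WASI_EINVAL;
 
@@ -2227,6 +2259,9 @@ wasi_sock_send_to(wasm_exec_env_t exec_env, wasi_fd_t sock,
 return __WASI_EINVAL;
 }
 
+if (!validate_native_addr((void *)dest_addr, sizeof(*dest_addr)))
+return __WASI_EINVAL;
+
 if (!validate_native_addr(so_data_len, (uint64)sizeof(uint32)))
 return __WASI_EINVAL;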
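Review bot: In the wasi_sock_addr_resolve hunk, the overflow check at new line 1227 divides by `addr_info_size` before anything visible has ruled out zero, so a call that passes a zero count would trigger a division by zero in the host rather than returning an error code. The parameter's declaration and any earlier check are outside the hunk, so this assumes the count arrives unchecked from the module. Guarding the division keeps the wrap check intact: `if (addr_info_size != 0 && addr_info_byte_size / addr_info_size != sizeof(*addr_info))`. Alternatively, reject a zero count with `__WASI_EINVAL` up front if the resolver is not meant to handle it. As a style point, the new declaration uses `uint64_t` where the neighbouring checks use the file's `uint64`.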
