linux-user: do_setsockopt: fix SOL_ALG.ALG_SET_KEY

This setsockopt accepts zero-lengh optlen (current qemu implementation does not allow this). Also, there's no need to make a copy of the key, it is enough to use lock_user() (which accepts zero length already). Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2197 Fixes: f31dddd2fc "linux-user: Add support for setsockopt() option SOL_ALG" Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Message-Id: <20240331100737.2724186-2-mjt@tls.msk.ru> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-03-31 13:07:34 +03:00 · 2024-03-31 13:07:34 +03:00 · 04f6fb897a
commit 04f6fb897a
parent 1f2355f53c
1 changed files with 2 additions and 7 deletions
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@ -2277,18 +2277,13 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
        switch (optname) {
        case ALG_SET_KEY:
        {
-            char *alg_key = g_malloc(optlen);
-
+            char *alg_key = lock_user(VERIFY_READ, optval_addr, optlen, 1);
            if (!alg_key) {
-                return -TARGET_ENOMEM;
-            }
-            if (copy_from_user(alg_key, optval_addr, optlen)) {
-                g_free(alg_key);
                return -TARGET_EFAULT;
            }
            ret = get_errno(setsockopt(sockfd, level, optname,
                                       alg_key, optlen));
-            g_free(alg_key);
+            unlock_user(alg_key, optval_addr, optlen);
            break;
        }
        case ALG_SET_AEAD_AUTHSIZE: