[PATCH 1/2] ws2_32: Validate pointers in select().
The documentation says that SOCKET_ERROR is returned and the error is set to WSAEFAULT if any of the input pointers point to unmapped memory. Signed-off-by: Torge Matthies <openglfreak(a)googlemail.com> --- dlls/ws2_32/socket.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/dlls/ws2_32/socket.c b/dlls/ws2_32/socket.c index b3dab22ae6e..1238f34aa1c 100644 --- a/dlls/ws2_32/socket.c +++ b/dlls/ws2_32/socket.c @@ -2384,6 +2384,15 @@ int WINAPI select( int count, fd_set *read_ptr, fd_set *write_ptr, TRACE( "read %p, write %p, except %p, timeout %p\n", read_ptr, write_ptr, except_ptr, timeout ); + if ((read_ptr && IsBadWritePtr(read_ptr, sizeof(*read_ptr))) + || (write_ptr && IsBadWritePtr(write_ptr, sizeof(*write_ptr))) + || (except_ptr && IsBadWritePtr(except_ptr, sizeof(*except_ptr))) + || (timeout && IsBadReadPtr(timeout, sizeof(*timeout)))) + { + SetLastError( WSAEFAULT ); + return -1; + } + FD_ZERO( &read ); FD_ZERO( &write ); FD_ZERO( &except ); -- 2.33.1
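Review bot: The IsBadWritePtr()/IsBadReadPtr() probes added before FD_ZERO() are check-then-use, so another thread can unmap or reprotect the memory after the probe passes and the later accesses to read_ptr, write_ptr, except_ptr and timeout can still fault. Consider catching the page fault around the real accesses instead (Wine's __TRY / __EXCEPT_PAGE_FAULT pattern) and setting WSAEFAULT from the handler. The probe length sizeof(*read_ptr) also assumes a full default-size fd_set. A caller built with a smaller FD_SETSIZE can pass a shorter but valid buffer, which this check would reject if the buffer ends at a page boundary. Separately, the timeout branch sets WSAEFAULT, while the TestBot report later in this thread shows Windows returning 10022 (WSAEINVAL) where the new tests expect WSAEFAULT, so the error code for a bad timeout pointer should be rechecked against those results before this goes in.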
Signed-off-by: Torge Matthies <openglfreak(a)googlemail.com> --- dlls/ws2_32/tests/sock.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/dlls/ws2_32/tests/sock.c b/dlls/ws2_32/tests/sock.c index 2bb219d7c0e..1e264906d95 100644 --- a/dlls/ws2_32/tests/sock.c +++ b/dlls/ws2_32/tests/sock.c @@ -3030,6 +3030,30 @@ static void test_errors(void) ret = select(1, NULL, &set, NULL, &timeval); ok( (ret == 0), "expected 0 (timeout), got: %d\n", ret ); + + ret = select(1, (fd_set *)0xdeadbeef, NULL, NULL, &timeval); + ok( (ret == SOCKET_ERROR), "expected SOCKET_ERROR, got: %d\n", ret ); + if (ret == SOCKET_ERROR) + { + err = WSAGetLastError(); + ok( (err == WSAEFAULT), "expected WSAEFAULT, got: %d\n", err ); + } + + ret = select(1, NULL, &set, NULL, (TIMEVAL *)0xdeadbeef); + ok( (ret == SOCKET_ERROR), "expected SOCKET_ERROR, got: %d\n", ret ); + if (ret == SOCKET_ERROR) + { + err = WSAGetLastError(); + ok( (err == WSAEFAULT), "expected WSAEFAULT, got: %d\n", err ); + } + } + + ret = select(1, NULL, NULL, NULL, (TIMEVAL *)0xdeadbeef); + ok( (ret == SOCKET_ERROR), "expected SOCKET_ERROR, got: %d\n", ret ); + if (ret == SOCKET_ERROR) + { + err = WSAGetLastError(); + ok( (err == WSAEFAULT), "expected WSAEFAULT, got: %d\n", err ); } ret = closesocket(sock); -- 2.33.1
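Review bot: The two cases that pass (TIMEVAL *)0xdeadbeef expect WSAEFAULT, but the TestBot report in this thread shows every Windows VM returning 10022 (WSAEINVAL) at sock.c:3047 and sock.c:3056, and counting from the @@ -3030,6 +3030,30 @@ header those lines appear to be exactly these two checks. The expected value should follow what Windows returns, and the matching check in select() adjusted with it. The if (ret == SOCKET_ERROR) guard around each WSAGetLastError() check is also unnecessary: the preceding ok() already reports a wrong return value, and the guard only hides the error-code check in that case, so calling ok() on the error unconditionally is simpler. A short comment saying that 0xdeadbeef is assumed to be unmapped in the test process would document what the cases rely on.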
Hi,

While running your changed tests, I think I found new failures.
Being a bot and all I'm not very good at pattern recognition, so I might be
wrong, but could you please double-check?

Full results can be found at:
https://testbot.winehq.org/JobDetails.pl?Key=100244

Your paranoid android.

=== w7u_2qxl (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w7u_adm (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w7u_el (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w8 (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w8adm (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w864 (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064v1507 (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064v1809 (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064 (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064_tsign (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w10pro64 (32 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w864 (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064v1507 (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064v1809 (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064 (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064_2qxl (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w1064_tsign (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w10pro64 (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w10pro64_ar (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w10pro64_he (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w10pro64_ja (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== w10pro64_zh_CN (64 bit report) ===

ws2_32:
sock.c:3047: Test failed: expected WSAEFAULT, got: 10022
sock.c:3056: Test failed: expected WSAEFAULT, got: 10022

=== debiant2 (32 bit WoW report) ===

ws2_32:
sock.c:1135: Test failed: wait failed, error 258
Hi,

While running your changed tests, I think I found new failures.
Being a bot and all I'm not very good at pattern recognition, so I might be
wrong, but could you please double-check?

Full results can be found at:
https://testbot.winehq.org/JobDetails.pl?Key=100243

Your paranoid android.

=== debiant2 (32 bit report) ===

ws2_32:
sock.c:5164: Test failed: expected timeout
participants (2)
- Marvin
- Torge Matthies