From fea38f824d2edad094fa910b9934a09adee64171 Mon Sep 17 00:00:00 2001
From: FearlessTobi
Date: Sun, 30 Jul 2023 19:30:02 +0200
Subject: [PATCH] soc_u: Perform size checking for static buffers

Previously, the buffers pushed were too long and would trigger an ASSERT in our IPC handling code.
---
 src/core/hle/service/soc_u.cpp | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/core/hle/service/soc_u.cpp b/src/core/hle/service/soc_u.cpp
index 60e5f92ea6..05e2bc194e 100644
--- a/src/core/hle/service/soc_u.cpp
+++ b/src/core/hle/service/soc_u.cpp
@@ -868,7 +868,7 @@ void SOC_U::Accept(Kernel::HLERequestContext& ctx) {
         rb.Push(ERR_INVALID_HANDLE);
         return;
     }
-    [[maybe_unused]] const auto max_addr_len = static_cast(rp.Pop());
+    const auto max_addr_len = rp.Pop();
     rp.PopPID();
     sockaddr addr;
     socklen_t addr_len = sizeof(addr);
@@ -889,6 +889,11 @@ void SOC_U::Accept(Kernel::HLERequestContext& ctx) {
         std::memcpy(ctr_addr_buf.data(), &ctr_addr, sizeof(ctr_addr));
     }
 
+    if (ctr_addr_buf.size() > max_addr_len) {
+        LOG_WARNING(Frontend, "CTRSockAddr is too long, truncating data.");
+        ctr_addr_buf.resize(max_addr_len);
+    }
+
     IPC::RequestBuilder rb = rp.MakeBuilder(2, 2);
     rb.Push(RESULT_SUCCESS);
     rb.Push(ret);
@@ -1264,7 +1269,7 @@ void SOC_U::GetSockName(Kernel::HLERequestContext& ctx) {
         rb.Push(ERR_INVALID_HANDLE);
         return;
     }
-    [[maybe_unused]] const auto max_addr_len = rp.Pop();
+    const auto max_addr_len = rp.Pop();
     rp.PopPID();
 
     sockaddr dest_addr;
@@ -1278,6 +1283,11 @@ void SOC_U::GetSockName(Kernel::HLERequestContext& ctx) {
     if (ret != 0)
         ret = TranslateError(GET_ERRNO);
 
+    if (dest_addr_buff.size() > max_addr_len) {
+        LOG_WARNING(Frontend, "CTRSockAddr is too long, truncating data.");
+        dest_addr_buff.resize(max_addr_len);
+    }
+
     IPC::RequestBuilder rb = rp.MakeBuilder(2, 2);
     rb.Push(RESULT_SUCCESS);
     rb.Push(ret);
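Review bot: The clamp added in Accept's second hunk bounds the pushed address by the guest-supplied `max_addr_len` parameter rather than by the size the caller declared in its static-buffer descriptor, so a guest that passes a `max_addr_len` larger than that descriptor may still reach the IPC ASSERT this commit is meant to prevent; the push itself lies outside the hunk, so this is worth confirming against whatever descriptor size the HLE context records. The same four lines are repeated in the GetSockName and GetPeerName hunks; a small file-local helper taking the buffer and `max_addr_len` would keep the three copies from drifting. The warning is logged under the `Frontend` class from inside a service implementation and omits the sizes that would make a truncation report actionable: `LOG_WARNING(Service_SOC, "CTRSockAddr is too long ({} > {}), truncating data.", ctr_addr_buf.size(), max_addr_len);`. If CTRSockAddr carries its own length field at offset 0, the truncated copy still advertises the full length to the guest, so a comment stating that this mirrors hardware behaviour, or a check that `max_addr_len` covers at least the fixed header, would make the truncation deliberate rather than incidental.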
@@ -1358,7 +1368,7 @@ void SOC_U::GetPeerName(Kernel::HLERequestContext& ctx) {
         rb.Push(ERR_INVALID_HANDLE);
         return;
     }
-    [[maybe_unused]] const auto max_addr_len = rp.Pop();
+    const auto max_addr_len = rp.Pop();
     rp.PopPID();
 
     sockaddr dest_addr;
@@ -1374,6 +1384,11 @@ void SOC_U::GetPeerName(Kernel::HLERequestContext& ctx) {
         result = TranslateError(GET_ERRNO);
     }
 
+    if (dest_addr_buff.size() > max_addr_len) {
+        LOG_WARNING(Frontend, "CTRSockAddr is too long, truncating data.");
+        dest_addr_buff.resize(max_addr_len);
+    }
+
     IPC::RequestBuilder rb = rp.MakeBuilder(2, 2);
     rb.Push(RESULT_SUCCESS);
     rb.Push(result);