H3cJP/citra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

soc_u: Perform size checking for static buffers

Browse Source 
Previously, the buffers pushed were too long and would trigger an ASSERT in our IPC handling code.
This commit is contained in:
FearlessTobi 2023-07-30 19:30:02 +02:00
parent 22c4eb86d7
commit fea38f824d
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/core/hle/service/soc_u.cpp
View File

@ -868,7 +868,7 @@ void SOC_U::Accept(Kernel::HLERequestContext& ctx) {
rb.Push(ERR_INVALID_HANDLE); rb.Push(ERR_INVALID_HANDLE);
return; return;
} }
[[maybe_unused]] const auto max_addr_len = static_cast<socklen_t>(rp.Pop<u32>()); const auto max_addr_len = rp.Pop<u32>();
rp.PopPID(); rp.PopPID();
sockaddr addr; sockaddr addr;
socklen_t addr_len = sizeof(addr); socklen_t addr_len = sizeof(addr);
@ -889,6 +889,11 @@ void SOC_U::Accept(Kernel::HLERequestContext& ctx) {
std::memcpy(ctr_addr_buf.data(), &ctr_addr, sizeof(ctr_addr)); std::memcpy(ctr_addr_buf.data(), &ctr_addr, sizeof(ctr_addr));
} }
if (ctr_addr_buf.size() > max_addr_len) {
LOG_WARNING(Frontend, "CTRSockAddr is too long, truncating data.");
ctr_addr_buf.resize(max_addr_len);
}
IPC::RequestBuilder rb = rp.MakeBuilder(2, 2); IPC::RequestBuilder rb = rp.MakeBuilder(2, 2);
rb.Push(RESULT_SUCCESS); rb.Push(RESULT_SUCCESS);
rb.Push(ret); rb.Push(ret);
@ -1264,7 +1269,7 @@ void SOC_U::GetSockName(Kernel::HLERequestContext& ctx) {
rb.Push(ERR_INVALID_HANDLE); rb.Push(ERR_INVALID_HANDLE);
return; return;
} }
[[maybe_unused]] const auto max_addr_len = rp.Pop<u32>(); const auto max_addr_len = rp.Pop<u32>();
rp.PopPID(); rp.PopPID();
sockaddr dest_addr; sockaddr dest_addr;
@ -1278,6 +1283,11 @@ void SOC_U::GetSockName(Kernel::HLERequestContext& ctx) {
if (ret != 0) if (ret != 0)
ret = TranslateError(GET_ERRNO); ret = TranslateError(GET_ERRNO);
if (dest_addr_buff.size() > max_addr_len) {
LOG_WARNING(Frontend, "CTRSockAddr is too long, truncating data.");
dest_addr_buff.resize(max_addr_len);
}
IPC::RequestBuilder rb = rp.MakeBuilder(2, 2); IPC::RequestBuilder rb = rp.MakeBuilder(2, 2);
rb.Push(RESULT_SUCCESS); rb.Push(RESULT_SUCCESS);
rb.Push(ret); rb.Push(ret);
@ -1358,7 +1368,7 @@ void SOC_U::GetPeerName(Kernel::HLERequestContext& ctx) {
rb.Push(ERR_INVALID_HANDLE); rb.Push(ERR_INVALID_HANDLE);
return; return;
} }
[[maybe_unused]] const auto max_addr_len = rp.Pop<u32>(); const auto max_addr_len = rp.Pop<u32>();
rp.PopPID(); rp.PopPID();
sockaddr dest_addr; sockaddr dest_addr;
@ -1374,6 +1384,11 @@ void SOC_U::GetPeerName(Kernel::HLERequestContext& ctx) {
result = TranslateError(GET_ERRNO); result = TranslateError(GET_ERRNO);
} }
if (dest_addr_buff.size() > max_addr_len) {
LOG_WARNING(Frontend, "CTRSockAddr is too long, truncating data.");
dest_addr_buff.resize(max_addr_len);
}
IPC::RequestBuilder rb = rp.MakeBuilder(2, 2); IPC::RequestBuilder rb = rp.MakeBuilder(2, 2);
rb.Push(RESULT_SUCCESS); rb.Push(RESULT_SUCCESS);
rb.Push(result); rb.Push(result);