From 529f605ac801a541b1206ce06d497f8835ca7412 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Sun, 16 May 2021 19:40:43 +0200
Subject: [PATCH] UE: Make sure the buffers for get{sock,peer}name() are large enough

Previously struct sockaddr was used which isn't guaranteed to be large enough to hold the socket address get{sock,peer}name() returns. Also, the addrlen argument was initialized incorrectly and should instead use the address length specified by the caller.
---
 .../UserspaceEmulator/Emulator_syscalls.cpp | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/Userland/DevTools/UserspaceEmulator/Emulator_syscalls.cpp b/Userland/DevTools/UserspaceEmulator/Emulator_syscalls.cpp
index c8de77ffa4..1fd6af2c83 100644
--- a/Userland/DevTools/UserspaceEmulator/Emulator_syscalls.cpp
+++ b/Userland/DevTools/UserspaceEmulator/Emulator_syscalls.cpp
@@ -706,9 +706,11 @@ int Emulator::virt$getsockname(FlatPtr params_addr)
 {
 Syscall::SC_getsockname_params params;
 mmu().copy_from_vm(¶ms, params_addr, sizeof(params));
- struct sockaddr addr = {};
- socklen_t addrlen = {};
- auto rc = getsockname(params.sockfd, &addr, &addrlen);
+ sockaddr_storage addr = {};
+ socklen_t addrlen;
+ mmu().copy_from_vm(&addrlen, (FlatPtr)params.addrlen, sizeof(socklen_t));
+ VERIFY(addrlen <= sizeof(addr));
+ auto rc = getsockname(params.sockfd, (sockaddr*)&addr, &addrlen);
 mmu().copy_to_vm((FlatPtr)params.addr, &addr, sizeof(addr));
 mmu().copy_to_vm((FlatPtr)params.addrlen, &addrlen, sizeof(addrlen));
 return rc;
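Review bot: The copy-back `mmu().copy_to_vm((FlatPtr)params.addr, &addr, sizeof(addr));` in virt$getsockname now writes the whole `sockaddr_storage` into the guest's buffer even though the guest only promised `addrlen` bytes, so a guest that passes a `sockaddr_in` gets the memory after it overwritten; the hunk grew the host buffer but did not shrink the copy to the caller's length. The added `VERIFY(addrlen <= sizeof(addr))` also turns a guest-supplied length into a fatal assertion of the emulator, and it is not needed for the host side, since getsockname() writes at most min(addrlen, actual address size) into `addr`. Remember the length the caller passed in and copy back no more than min(caller length, returned length, sizeof(addr)), as below (I assume AK's `min` is in scope in this file — a ternary works if not). The enclosing function's closing brace is outside the hunk.
```cpp
    socklen_t addrlen;
    mmu().copy_from_vm(&addrlen, (FlatPtr)params.addrlen, sizeof(socklen_t));
    // The guest buffer holds only this many bytes; getsockname() itself
    // writes at most min(addrlen, actual address size) into addr.
    socklen_t guest_buffer_len = addrlen;
    auto rc = getsockname(params.sockfd, (sockaddr*)&addr, &addrlen);
    // Never copy back more than the guest buffer can take (addrlen may now
    // report the untruncated size) nor more than addr itself holds.
    size_t copy_len = min(min((size_t)guest_buffer_len, (size_t)addrlen), sizeof(addr));
    mmu().copy_to_vm((FlatPtr)params.addr, &addr, copy_len);
    // … unchanged: write back addrlen, return rc …
```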
@@ -718,9 +720,11 @@ int Emulator::virt$getpeername(FlatPtr params_addr)
 {
 Syscall::SC_getpeername_params params;
 mmu().copy_from_vm(¶ms, params_addr, sizeof(params));
- struct sockaddr addr = {};
- socklen_t addrlen = {};
- auto rc = getpeername(params.sockfd, &addr, &addrlen);
+ sockaddr_storage addr = {};
+ socklen_t addrlen;
+ mmu().copy_from_vm(&addrlen, (FlatPtr)params.addrlen, sizeof(socklen_t));
+ VERIFY(addrlen <= sizeof(addr));
+ auto rc = getpeername(params.sockfd, (sockaddr*)&addr, &addrlen);
 mmu().copy_to_vm((FlatPtr)params.addr, &addr, sizeof(addr));
 mmu().copy_to_vm((FlatPtr)params.addrlen, &addrlen, sizeof(addrlen));
 return rc;
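Review bot: virt$getpeername has the same guest-buffer overrun: `mmu().copy_to_vm((FlatPtr)params.addr, &addr, sizeof(addr));` copies all of `sockaddr_storage` into a guest buffer that is only `addrlen` bytes long, so a guest passing a `sockaddr_in` gets the bytes after it clobbered. The `VERIFY(addrlen <= sizeof(addr))` is likewise a guest-triggerable abort rather than a protection — getpeername() only writes min(addrlen, actual size) into the host `addr`, so no bound is needed there. Keep the caller's length and bound the copy-back by min(caller length, returned length, sizeof(addr)); `min` is assumed to be AK's, use a ternary if it is not in scope. The function's closing brace lies outside the hunk.
```cpp
    socklen_t addrlen;
    mmu().copy_from_vm(&addrlen, (FlatPtr)params.addrlen, sizeof(socklen_t));
    // Size of the guest's buffer; getpeername() writes at most
    // min(addrlen, actual address size) into addr on the host side.
    socklen_t guest_buffer_len = addrlen;
    auto rc = getpeername(params.sockfd, (sockaddr*)&addr, &addrlen);
    // Copy back only what fits in the guest buffer and in addr itself.
    size_t copy_len = min(min((size_t)guest_buffer_len, (size_t)addrlen), sizeof(addr));
    mmu().copy_to_vm((FlatPtr)params.addr, &addr, copy_len);
    // … unchanged: write back addrlen, return rc …
```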