libc-wasi: add missing pointer validations to socket functions (#4611) (#4665)

* libc-wasi: add missing pointer validations to socket functions (#4611)
cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4463
the fix for sock_addr_resolve is incomplete.
cf. https://github.com/bytecodealliance/wasm-micro-runtime/issues/4610

* Sync from main branch
  - wasi_sock_recv doesn't use src_addr
  - check src_addr before coverting

* CI: use windows-2022 image for now (#4633)

github is currently rolling out windows-2025 image.
for some reasons, the "path_symlink_trailing_slashes" test case in
wasi testsuite fails on windows-2025 image.
someone familar with windows need to investigate what was the
key difference between 2022 and 2025.
until that happens, this commit makes our CI use windows-2022 image.

cf.
https://github.com/bytecodealliance/wasm-micro-runtime/issues/4632
https://github.com/actions/runner-images/issues/12677

---------

Co-authored-by: YAMAMOTO Takashi <yamamoto@midokura.com>

.github/workflows/build_iwasm_release.yml

@@ -127,7 +127,7 @@ jobs:
         working-directory: ${{ inputs.cwd }}
 
       - name: Compress the binary on Windows
-        if: inputs.runner == 'windows-latest'
+        if: inputs.runner == 'windows-2022'
         run: |
           tar -czf iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz iwasm.exe
           Compress-Archive -Path iwasm.exe -DestinationPath iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.zip
@@ -135,7 +135,7 @@ jobs:
         working-directory: ${{ inputs.cwd }}/build/Release
 
       - name: compress the binary on non-Windows
-        if: inputs.runner != 'windows-latest'
+        if: inputs.runner != 'windows-2022'
         run: |
           # Follow the symlink to the actual binary file
           tar --dereference -czf iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz iwasm

.github/workflows/build_llvm_libraries.yml

@@ -118,11 +118,11 @@ jobs:
           key: 0-ccache-${{ inputs.os }}-${{ steps.get_last_commit.outputs.last_commit }}
           restore-keys: |
             0-ccache-${{ inputs.os }}
-        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-latest'
+        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-2022'
 
       # Install tools on Windows
       - run: choco install -y ccache ninja
-        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-latest'
+        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-2022'
 
       - name: Build LLVM libraries
         if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true'

.github/workflows/build_wamrc.yml

@@ -63,7 +63,7 @@ jobs:
         working-directory: wamr-compiler
 
       - name: Compress the binary on Windows
-        if: inputs.runner == 'windows-latest' && inputs.release
+        if: inputs.runner == 'windows-2022' && inputs.release
         run: |
           tar -czf wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz wamrc.exe
           Compress-Archive -Path wamrc.exe -DestinationPath wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.zip
@@ -71,7 +71,7 @@ jobs:
         working-directory: wamr-compiler/build/Release
 
       - name: compress the binary on non-Windows
-        if: inputs.runner != 'windows-latest' && inputs.release
+        if: inputs.runner != 'windows-2022' && inputs.release
         run: |
           # Follow the symlink to the actual binary file
           tar --dereference -czf wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz wamrc

.github/workflows/compilation_on_windows.yml

@@ -1,7 +1,7 @@
 # Copyright (C) 2019 Intel Corporation.  All rights reserved.
 # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 
-name: compilation on windows-latest
+name: compilation on windows-2022
 
 on:
   # will be triggered on PR events
@@ -63,11 +63,11 @@ jobs:
       actions: write
     uses: ./.github/workflows/build_llvm_libraries.yml
     with:
-      os: "windows-latest"
+      os: "windows-2022"
       arch: "AArch64 ARM Mips RISCV X86"
 
   build_iwasm:
-    runs-on: windows-latest
+    runs-on: windows-2022
     strategy:
       matrix:
         build_options:
@@ -105,7 +105,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: windows-latest
+          - os: windows-2022
             llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }}
     steps:
       - name: checkout
@@ -136,7 +136,7 @@ jobs:
         working-directory: wamr-compiler
 
   test:
-    runs-on: windows-latest
+    runs-on: windows-2022
     needs: [build_iwasm, build_wamrc]
     strategy:
       fail-fast: false

.github/workflows/release_process.yml

@@ -85,7 +85,7 @@ jobs:
     needs: [create_tag, create_release]
     uses: ./.github/workflows/build_llvm_libraries.yml
     with:
-      os: "windows-latest"
+      os: "windows-2022"
       arch: "AArch64 ARM Mips RISCV X86"
 
   #
@@ -122,7 +122,7 @@ jobs:
     with:
       llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }}
       release: true
-      runner: windows-latest
+      runner: windows-2022
       upload_url: ${{ needs.create_release.outputs.upload_url }}
       ver_num: ${{ needs.create_tag.outputs.new_ver }}
 
@@ -160,7 +160,7 @@ jobs:
     with:
       cwd: product-mini/platforms/windows
       llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }}
-      runner: windows-latest
+      runner: windows-2022
       upload_url: ${{ needs.create_release.outputs.upload_url }}
       ver_num: ${{ needs.create_tag.outputs.new_ver}}
 

core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c

@@ -1161,6 +1161,9 @@ wasi_sock_accept(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_fdflags_t flags,
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(fd_new, sizeof(*fd_new)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
 
     return wasi_ssp_sock_accept(exec_env, curfds, fd, flags, fd_new);
@@ -1219,6 +1222,19 @@ wasi_sock_addr_resolve(wasm_exec_env_t exec_env, const char *host,
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(hints, sizeof(*hints)))
+        return __WASI_EINVAL;
+
+    uint64_t addr_info_byte_size = sizeof(*addr_info) * addr_info_size;
+    if (addr_info_byte_size / addr_info_size != sizeof(*addr_info))
+        return __WASI_EINVAL;
+
+    if (!validate_native_addr(addr_info, addr_info_byte_size))
+        return __WASI_EINVAL;
+
+    if (!validate_native_addr(max_info_size, sizeof(*max_info_size)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
     ns_lookup_list = wasi_ctx_get_ns_lookup_list(wasi_ctx);
 
@@ -1238,6 +1254,9 @@ wasi_sock_bind(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(addr, sizeof(*addr)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
     addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1264,6 +1283,9 @@ wasi_sock_connect(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(addr, sizeof(*addr)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
     addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1643,6 +1665,9 @@ wasi_sock_open(wasm_exec_env_t exec_env, wasi_fd_t poolfd,
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(sockfd, sizeof(*sockfd)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
 
     return wasi_ssp_sock_open(exec_env, curfds, poolfd, af, socktype, sockfd);
@@ -2082,6 +2107,10 @@ wasi_sock_recv_from(wasm_exec_env_t exec_env, wasi_fd_t sock,
         return __WASI_EINVAL;
     }
 
+    /* note: src_addr is NULL when called by wasi_sock_recv */
+    if (src_addr != NULL && !validate_native_addr(src_addr, sizeof(*src_addr)))
+        return __WASI_EINVAL;
+
     if (!validate_native_addr(ro_data_len, (uint64)sizeof(uint32)))
         return __WASI_EINVAL;
 
@@ -2118,16 +2147,19 @@ wasi_sock_recv(wasm_exec_env_t exec_env, wasi_fd_t sock, iovec_app_t *ri_data,
                wasi_roflags_t *ro_flags)
 {
     wasm_module_inst_t module_inst = get_module_inst(exec_env);
-    __wasi_addr_t src_addr;
     wasi_errno_t error;
 
+    if (!validate_native_addr(ro_data_len, sizeof(*ro_data_len)))
+        return __WASI_EINVAL;
+
     if (!validate_native_addr(ro_flags, (uint64)sizeof(wasi_roflags_t)))
         return __WASI_EINVAL;
 
+    // We call `recvfrom` with NULL source address as `recv` doesn't
+    // return the source address and this parameter is not used.
+    *ro_data_len = 0;
     error = wasi_sock_recv_from(exec_env, sock, ri_data, ri_data_len, ri_flags,
-                                &src_addr, ro_data_len);
-    *ro_flags = ri_flags;
-
+                                NULL, ro_data_len);
     return error;
 }
 
@@ -2228,6 +2260,9 @@ wasi_sock_send_to(wasm_exec_env_t exec_env, wasi_fd_t sock,
         return __WASI_EINVAL;
     }
 
+    if (!validate_native_addr((void *)dest_addr, sizeof(*dest_addr)))
+        return __WASI_EINVAL;
+
     if (!validate_native_addr(so_data_len, (uint64)sizeof(uint32)))
         return __WASI_EINVAL;
 

core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c

@@ -2854,7 +2854,11 @@ wasmtime_ssp_sock_recv_from(wasm_exec_env_t exec_env, struct fd_table *curfds,
         return convert_errno(errno);
     }
 
+    // If the source address is not NULL, we need to convert the sockaddr
+    // back to __wasi_addr_t format.
+    if (src_addr != NULL) {
         bh_sockaddr_to_wasi_addr(&sockaddr, src_addr);
+    }
 
     *recv_len = (size_t)ret;
     return __WASI_ESUCCESS;