
dtrace: fix an out-of-bounds read and a NULL pointer increment
Closed, Public

Authored by domagoj.stolfa_gmail.com on Jun 15 2021, 8:20 PM.

Details

Summary

In dt_cc.c, when the provider is an empty string, indexing with strlen(pdp->dtpd_provider) - 1 results in a pdp->dtpd_provider[-1] access.

Similarly, in dt_ident.c, if p2 is a NULL pointer, doing a p2++ on it is undefined behaviour.

Signed-off-by: Domagoj Stolfa <domagoj.stolfa@gmail.com>
Sponsored by: Google

Diff Detail

Repository
rG FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c, lines 215–216

I think these two lines could just be p2 = strchr(p2 + 1, ','); but I don't have a strong preference.
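The two defects named in the summary, with the strchr() walk written in the shape the inline comment above proposes. This is an added, constructed illustration and not libdtrace code: the function names, the trailing-wildcard check and the comma-separated input are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Pattern 1: testing the last character of a string.
 * Assumed scenario: deciding whether a provider name ends in '*'.
 */

/* Buggy form. With an empty string strlen() is 0, so the index is -1
 * and the read lands one byte before the buffer. Only safe for
 * non-empty input. */
int ends_with_star_buggy(const char *provider)
{
    return provider[strlen(provider) - 1] == '*';
}

/* Fixed form: refuse to index when the length is zero. */
int ends_with_star_fixed(const char *provider)
{
    size_t len = strlen(provider);

    if (len == 0)
        return 0;
    return provider[len - 1] == '*';
}

/*
 * Pattern 2: walking a comma-separated list with strchr().
 *
 * The buggy shape is
 *
 *     p2 = strchr(p2, ',');
 *     p2++;                  // undefined when strchr() returned NULL
 *
 * Below, p2 + 1 is only formed once the loop condition has established
 * that p2 is non-NULL, which is what strchr(p2 + 1, ',') expresses.
 */
int count_fields(const char *s)
{
    const char *p2;
    int n = 1;

    for (p2 = strchr(s, ','); p2 != NULL; p2 = strchr(p2 + 1, ','))
        n++;
    return n;
}

int main(void)
{
    /* Constructed inputs, including the empty string that triggers
     * the out-of-bounds read in the buggy check. */
    const char *providers[] = { "syscall*", "fbt", "" };
    size_t i;

    for (i = 0; i < sizeof(providers) / sizeof(providers[0]); i++)
        printf("\"%s\" ends with '*': %d\n", providers[i],
            ends_with_star_fixed(providers[i]));

    printf("fields in \"a,b,c\": %d\n", count_fields("a,b,c"));
    printf("fields in \"\": %d\n", count_fields(""));
    return 0;
}
```

Compile with `cc -Wall -fsanitize=address` and call ends_with_star_buggy("") to see the sanitizer report the one-byte underread; the fixed variant returns 0 for the same input.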

This revision is now accepted and ready to land. Jun 15 2021, 8:53 PM

> If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like and a Sponsored by: Google.

Thanks!

> > If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.
>
> You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like

I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

> > > If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.
> >
> > You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like
>
> I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

That's fine -- no need to put it in then. Just a "Sponsored by: Google" is fine :). Thanks!