Page MenuHomeFreeBSD
Differential D16000

Fix wrong sizeof() argument and descriptor leak reported by Coverity
ClosedPublic
Actions

Authored by aniketp on Jun 24 2018, 9:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 29, 9:23 AM
Unknown Object (File)
Fri, Mar 28, 9:02 PM
Unknown Object (File)
Mar 6 2025, 8:40 PM
Unknown Object (File)
Feb 23 2025, 2:24 PM
Unknown Object (File)
Feb 20 2025, 1:44 AM
Unknown Object (File)
Feb 17 2025, 2:29 AM
Unknown Object (File)
Feb 3 2025, 8:46 AM
Unknown Object (File)
Feb 3 2025, 6:31 AM
View All 80 Files
Subscribers
imp

Details

Reviewers
asomers
rwatson
gnn
Commits
rS335703: audit(4): fix Coverity issues
Summary

This revision fixes the resource leak and possible buffer overflow due to incorrect
sizeof(buf) argument passed to extattr_set_{file/fd/link}. Approach is to set the
extended attribute authorname to NULL and pass the size_t nbytes argument as 0.

CID List:

CID 1393489
CID 1393501
CID 1393509
CID 1393510
CID 1393514
CID 1393515
CID 1393516
CID 1393517
CID 1393518
CID 1393519

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 17654
Build 17459: arc lint + arc unit

Event Timeline

aniketp created this revision.Jun 24 2018, 9:10 PM
Harbormaster completed remote builds in B17599: Diff 44399.Jun 24 2018, 9:10 PM
asomers requested changes to this revision.Jun 25 2018, 12:39 AM
asomers added inline comments.
tests/sys/audit/file-attribute-access.c
818

Technically this would fix the problem. But this technique obviously wouldn't work if you actually cared about the extended attribute. As an educational exercise, try fixing it the right way. Hint: you could define buff as an array rather than a pointer.

This revision now requires changes to proceed.Jun 25 2018, 12:39 AM
aniketp updated this revision to Diff 44416.EditedJun 25 2018, 11:04 AM

Declare buff as an array instead of a pointer, to be able to correctly pass the value to nbytes argument for extattr_set_*

[Much better than the earlier fix, Thanks!]

Harbormaster completed remote builds in B17606: Diff 44416.Jun 25 2018, 11:04 AM
asomers requested changes to this revision.Jun 26 2018, 8:37 PM

This is still incorrect. sizeof(buff) returns 80. That means that extattr_set_file is going to set the attribute's value to ezio\0 followed by 75 bytes of stack garbage. You might try leaving buff's length unspecified, by declaring it like static char buff[] = "ezio";. Whatever you do, ensure that the nbytes argument is either 4 (if you don't desire NULL termination) or 5 (if you do).

This revision now requires changes to proceed.Jun 26 2018, 8:37 PM
aniketp updated this revision to Diff 44506.Jun 27 2018, 4:30 AM

Remove 80 bytes hardcoded initialization from buff array

Harbormaster completed remote builds in B17654: Diff 44506.Jun 27 2018, 4:30 AM
asomers accepted this revision.Jun 27 2018, 2:56 PM
This revision is now accepted and ready to land.Jun 27 2018, 2:56 PM
Closed by commit rS335703: audit(4): fix Coverity issues (authored by asomers). · Explain WhyJun 27 2018, 3:28 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: imp. · View Herald TranscriptJun 27 2018, 3:28 PM

Revision Contents
Changeset List

PathSize
tests/
sys/
audit/
2 lines
2 lines
2 lines

Diff 44506

View Options

tests/sys/audit/administrative.c

Show First 20 LinesShow All 939 Lines▼ Show 20 Lines if (interp[interp_name_len - 1] != '\0') {
return (ENOEXEC); return (ENOEXEC);
} }
*interpp = interp; *interpp = interp;
*free_interpp = false; *free_interpp = false;
return (0); return (0);
} }
static int
__elfN(load_interp)(struct image_params *imgp, const Elf_Brandinfo *brand_info,
const char *interp, u_long *addr, u_long *entry)
{
char *path;
int error;
if (brand_info->emul_path != NULL &&
brand_info->emul_path[0] != '\0') {
path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
snprintf(path, MAXPATHLEN, "%s%s",
brand_info->emul_path, interp);
error = __elfN(load_file)(imgp->proc, path, addr, entry);
free(path, M_TEMP);
kibUnsubmitted
Not Done
Inline Actions

This block of if() can be naturally moved before calculating newinterp.

kib: This block of if() can be naturally moved before calculating newinterp.
if (error == 0)
return (0);
}
if (brand_info->interp_newpath != NULL &&
(brand_info->interp_path == NULL ||
strcmp(interp, brand_info->interp_path) == 0)) {
error = __elfN(load_file)(imgp->proc,
brand_info->interp_newpath, addr, entry);
if (error == 0)
kibUnsubmitted
Not Done
Inline Actions

How could newinterp != NULL and brand_info->interp_path == NULL ?

kib: How could newinterp != NULL and brand_info->interp_path == NULL ?
traszAuthorUnsubmitted
Done
Inline Actions

The newinterp comes from brand_info->interp_newpath, not brand_info->interp_path.

trasz: The newinterp comes from brand_info->interp_newpath, not brand_info->interp_path.
return (0);
}
error = __elfN(load_file)(imgp->proc, interp, addr, entry);
if (error == 0)
return (0);
uprintf("ELF interpreter %s not found, error %d\n", interp, error);
return (error);
}
kibUnsubmitted
Done
Inline Actions

This block is irrelevant for the task of loading the interpreter. I must not be moved.

kib: This block is irrelevant for the task of loading the interpreter. I must not be moved.
/* /*
* Impossible et_dyn_addr initial value indicating that the real base * Impossible et_dyn_addr initial value indicating that the real base
* must be calculated later with some randomization applied. * must be calculated later with some randomization applied.
*/ */
#define ET_DYN_ADDR_RAND 1 #define ET_DYN_ADDR_RAND 1
static int static int
__CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
{ {
struct thread *td; struct thread *td;
const Elf_Ehdr *hdr; const Elf_Ehdr *hdr;
const Elf_Phdr *phdr; const Elf_Phdr *phdr;
Elf_Auxargs *elf_auxargs; Elf_Auxargs *elf_auxargs;
struct vmspace *vmspace; struct vmspace *vmspace;
vm_map_t map; vm_map_t map;
const char *newinterp; char *interp;
char *interp, *path;
Elf_Brandinfo *brand_info; Elf_Brandinfo *brand_info;
struct sysentvec *sv; struct sysentvec *sv;
vm_prot_t prot; vm_prot_t prot;
u_long addr, baddr, et_dyn_addr, entry, proghdr; u_long addr, baddr, et_dyn_addr, entry, proghdr;
u_long maxalign, mapsz, maxv, maxv1; u_long maxalign, mapsz, maxv, maxv1;
uint32_t fctl0; uint32_t fctl0;
int32_t osrel; int32_t osrel;
bool free_interp; bool free_interp;
int error, i, n, have_interp; int error, i, n;
hdr = (const Elf_Ehdr *)imgp->image_header; hdr = (const Elf_Ehdr *)imgp->image_header;
/* /*
* Do we have a valid ELF header ? * Do we have a valid ELF header ?
* *
* Only allow ET_EXEC & ET_DYN here, reject ET_DYN later * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
* if particular brand doesn't support it. * if particular brand doesn't support it.
Show All 19 Lines if (!aligned(phdr, Elf_Addr)) {
return (ENOEXEC); return (ENOEXEC);
} }
n = error = 0; n = error = 0;
baddr = 0; baddr = 0;
osrel = 0; osrel = 0;
fctl0 = 0; fctl0 = 0;
entry = proghdr = 0; entry = proghdr = 0;
newinterp = interp = NULL; interp = NULL;
free_interp = false; free_interp = false;
td = curthread; td = curthread;
maxalign = PAGE_SIZE; maxalign = PAGE_SIZE;
mapsz = 0; mapsz = 0;
for (i = 0; i < hdr->e_phnum; i++) { for (i = 0; i < hdr->e_phnum; i++) {
switch (phdr[i].p_type) { switch (phdr[i].p_type) {
case PT_LOAD: case PT_LOAD:
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Lines if (baddr == 0) {
else if ((__elfN(pie_aslr_enabled) && else if ((__elfN(pie_aslr_enabled) &&
(imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) || (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) ||
(imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0) (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0)
et_dyn_addr = ET_DYN_ADDR_RAND; et_dyn_addr = ET_DYN_ADDR_RAND;
else else
et_dyn_addr = ET_DYN_LOAD_ADDR; et_dyn_addr = ET_DYN_LOAD_ADDR;
} }
} }
if (interp != NULL && brand_info->interp_newpath != NULL)
newinterp = brand_info->interp_newpath;
/* /*
* Avoid a possible deadlock if the current address space is destroyed * Avoid a possible deadlock if the current address space is destroyed
* and that address space maps the locked vnode. In the common case, * and that address space maps the locked vnode. In the common case,
* the locked vnode's v_usecount is decremented but remains greater * the locked vnode's v_usecount is decremented but remains greater
* than zero. Consequently, the vnode lock is not needed by vrele(). * than zero. Consequently, the vnode lock is not needed by vrele().
* However, in cases where the vnode lock is external, such as nullfs, * However, in cases where the vnode lock is external, such as nullfs,
* v_usecount may become zero. * v_usecount may become zero.
▲ Show 20 LinesShow All 108 Lines▼ Show 20 Lines map->anon_loc = __CONCAT(rnd_, __elfN(base))(map, addr, maxv1,
MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]); MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]);
} else { } else {
map->anon_loc = addr; map->anon_loc = addr;
} }
imgp->entry_addr = entry; imgp->entry_addr = entry;
if (interp != NULL) { if (interp != NULL) {
have_interp = FALSE;
VOP_UNLOCK(imgp->vp, 0); VOP_UNLOCK(imgp->vp, 0);
if ((map->flags & MAP_ASLR) != 0) { if ((map->flags & MAP_ASLR) != 0) {
/* Assume that interpeter fits into 1/4 of AS */ /* Assume that interpeter fits into 1/4 of AS */
maxv1 = maxv / 2 + addr / 2; maxv1 = maxv / 2 + addr / 2;
MPASS(maxv1 >= addr); /* No overflow */ MPASS(maxv1 >= addr); /* No overflow */
addr = __CONCAT(rnd_, __elfN(base))(map, addr, addr = __CONCAT(rnd_, __elfN(base))(map, addr,
maxv1, PAGE_SIZE); maxv1, PAGE_SIZE);
} }
if (brand_info->emul_path != NULL && error = __elfN(load_interp)(imgp, brand_info, interp, &addr,
brand_info->emul_path[0] != '\0') {
path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
snprintf(path, MAXPATHLEN, "%s%s",
brand_info->emul_path, interp);
error = __elfN(load_file)(imgp->proc, path, &addr,
&imgp->entry_addr); &imgp->entry_addr);
free(path, M_TEMP);
if (error == 0)
have_interp = TRUE;
}
if (!have_interp && newinterp != NULL &&
(brand_info->interp_path == NULL ||
strcmp(interp, brand_info->interp_path) == 0)) {
error = __elfN(load_file)(imgp->proc, newinterp, &addr,
&imgp->entry_addr);
if (error == 0)
have_interp = TRUE;
}
if (!have_interp) {
error = __elfN(load_file)(imgp->proc, interp, &addr,
&imgp->entry_addr);
}
vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY); vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
if (error != 0) { if (error != 0)
uprintf("ELF interpreter %s not found, error %d\n",
interp, error);
goto ret; goto ret;
}
} else } else
addr = et_dyn_addr; addr = et_dyn_addr;
/* /*
* Construct auxargs table (used by the fixup routine) * Construct auxargs table (used by the fixup routine)
*/ */
elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK); elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
elf_auxargs->execfd = -1; elf_auxargs->execfd = -1;
▲ Show 20 LinesShow All 1,456 LinesShow Last 20 Lines
View Options

tests/sys/audit/file-attribute-access.c

Show First 20 LinesShow All 939 Lines▼ Show 20 Lines if (interp[interp_name_len - 1] != '\0') {
return (ENOEXEC); return (ENOEXEC);
} }
*interpp = interp; *interpp = interp;
*free_interpp = false; *free_interpp = false;
return (0); return (0);
} }
static int
__elfN(load_interp)(struct image_params *imgp, const Elf_Brandinfo *brand_info,
const char *interp, u_long *addr, u_long *entry)
{
char *path;
int error;
if (brand_info->emul_path != NULL &&
brand_info->emul_path[0] != '\0') {
path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
snprintf(path, MAXPATHLEN, "%s%s",
brand_info->emul_path, interp);
error = __elfN(load_file)(imgp->proc, path, addr, entry);
free(path, M_TEMP);
kibUnsubmitted
Not Done
Inline Actions

This block of if() can be naturally moved before calculating newinterp.

kib: This block of if() can be naturally moved before calculating newinterp.
if (error == 0)
return (0);
}
if (brand_info->interp_newpath != NULL &&
(brand_info->interp_path == NULL ||
strcmp(interp, brand_info->interp_path) == 0)) {
error = __elfN(load_file)(imgp->proc,
brand_info->interp_newpath, addr, entry);
if (error == 0)
kibUnsubmitted
Not Done
Inline Actions

How could newinterp != NULL and brand_info->interp_path == NULL ?

kib: How could newinterp != NULL and brand_info->interp_path == NULL ?
traszAuthorUnsubmitted
Done
Inline Actions

The newinterp comes from brand_info->interp_newpath, not brand_info->interp_path.

trasz: The newinterp comes from brand_info->interp_newpath, not brand_info->interp_path.
return (0);
}
error = __elfN(load_file)(imgp->proc, interp, addr, entry);
if (error == 0)
return (0);
uprintf("ELF interpreter %s not found, error %d\n", interp, error);
return (error);
}
kibUnsubmitted
Done
Inline Actions

This block is irrelevant for the task of loading the interpreter. I must not be moved.

kib: This block is irrelevant for the task of loading the interpreter. I must not be moved.
/* /*
* Impossible et_dyn_addr initial value indicating that the real base * Impossible et_dyn_addr initial value indicating that the real base
* must be calculated later with some randomization applied. * must be calculated later with some randomization applied.
*/ */
#define ET_DYN_ADDR_RAND 1 #define ET_DYN_ADDR_RAND 1
static int static int
__CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
{ {
struct thread *td; struct thread *td;
const Elf_Ehdr *hdr; const Elf_Ehdr *hdr;
const Elf_Phdr *phdr; const Elf_Phdr *phdr;
Elf_Auxargs *elf_auxargs; Elf_Auxargs *elf_auxargs;
struct vmspace *vmspace; struct vmspace *vmspace;
vm_map_t map; vm_map_t map;
const char *newinterp; char *interp;
char *interp, *path;
Elf_Brandinfo *brand_info; Elf_Brandinfo *brand_info;
struct sysentvec *sv; struct sysentvec *sv;
vm_prot_t prot; vm_prot_t prot;
u_long addr, baddr, et_dyn_addr, entry, proghdr; u_long addr, baddr, et_dyn_addr, entry, proghdr;
u_long maxalign, mapsz, maxv, maxv1; u_long maxalign, mapsz, maxv, maxv1;
uint32_t fctl0; uint32_t fctl0;
int32_t osrel; int32_t osrel;
bool free_interp; bool free_interp;
int error, i, n, have_interp; int error, i, n;
hdr = (const Elf_Ehdr *)imgp->image_header; hdr = (const Elf_Ehdr *)imgp->image_header;
/* /*
* Do we have a valid ELF header ? * Do we have a valid ELF header ?
* *
* Only allow ET_EXEC & ET_DYN here, reject ET_DYN later * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
* if particular brand doesn't support it. * if particular brand doesn't support it.
Show All 19 Lines if (!aligned(phdr, Elf_Addr)) {
return (ENOEXEC); return (ENOEXEC);
} }
n = error = 0; n = error = 0;
baddr = 0; baddr = 0;
osrel = 0; osrel = 0;
fctl0 = 0; fctl0 = 0;
entry = proghdr = 0; entry = proghdr = 0;
newinterp = interp = NULL; interp = NULL;
free_interp = false; free_interp = false;
td = curthread; td = curthread;
maxalign = PAGE_SIZE; maxalign = PAGE_SIZE;
mapsz = 0; mapsz = 0;
for (i = 0; i < hdr->e_phnum; i++) { for (i = 0; i < hdr->e_phnum; i++) {
switch (phdr[i].p_type) { switch (phdr[i].p_type) {
case PT_LOAD: case PT_LOAD:
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Lines if (baddr == 0) {
else if ((__elfN(pie_aslr_enabled) && else if ((__elfN(pie_aslr_enabled) &&
(imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) || (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) ||
(imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0) (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0)
et_dyn_addr = ET_DYN_ADDR_RAND; et_dyn_addr = ET_DYN_ADDR_RAND;
else else
et_dyn_addr = ET_DYN_LOAD_ADDR; et_dyn_addr = ET_DYN_LOAD_ADDR;
} }
} }
if (interp != NULL && brand_info->interp_newpath != NULL)
newinterp = brand_info->interp_newpath;
/* /*
* Avoid a possible deadlock if the current address space is destroyed * Avoid a possible deadlock if the current address space is destroyed
* and that address space maps the locked vnode. In the common case, * and that address space maps the locked vnode. In the common case,
* the locked vnode's v_usecount is decremented but remains greater * the locked vnode's v_usecount is decremented but remains greater
* than zero. Consequently, the vnode lock is not needed by vrele(). * than zero. Consequently, the vnode lock is not needed by vrele().
* However, in cases where the vnode lock is external, such as nullfs, * However, in cases where the vnode lock is external, such as nullfs,
* v_usecount may become zero. * v_usecount may become zero.
▲ Show 20 LinesShow All 108 Lines▼ Show 20 Lines map->anon_loc = __CONCAT(rnd_, __elfN(base))(map, addr, maxv1,
MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]); MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]);
} else { } else {
map->anon_loc = addr; map->anon_loc = addr;
} }
imgp->entry_addr = entry; imgp->entry_addr = entry;
if (interp != NULL) { if (interp != NULL) {
have_interp = FALSE;
VOP_UNLOCK(imgp->vp, 0); VOP_UNLOCK(imgp->vp, 0);
if ((map->flags & MAP_ASLR) != 0) { if ((map->flags & MAP_ASLR) != 0) {
/* Assume that interpeter fits into 1/4 of AS */ /* Assume that interpeter fits into 1/4 of AS */
maxv1 = maxv / 2 + addr / 2; maxv1 = maxv / 2 + addr / 2;
MPASS(maxv1 >= addr); /* No overflow */ MPASS(maxv1 >= addr); /* No overflow */
addr = __CONCAT(rnd_, __elfN(base))(map, addr, addr = __CONCAT(rnd_, __elfN(base))(map, addr,
maxv1, PAGE_SIZE); maxv1, PAGE_SIZE);
} }
if (brand_info->emul_path != NULL && error = __elfN(load_interp)(imgp, brand_info, interp, &addr,
brand_info->emul_path[0] != '\0') {
path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
snprintf(path, MAXPATHLEN, "%s%s",
brand_info->emul_path, interp);
error = __elfN(load_file)(imgp->proc, path, &addr,
&imgp->entry_addr); &imgp->entry_addr);
free(path, M_TEMP);
if (error == 0)
have_interp = TRUE;
}
if (!have_interp && newinterp != NULL &&
(brand_info->interp_path == NULL ||
strcmp(interp, brand_info->interp_path) == 0)) {
error = __elfN(load_file)(imgp->proc, newinterp, &addr,
&imgp->entry_addr);
if (error == 0)
have_interp = TRUE;
}
if (!have_interp) {
error = __elfN(load_file)(imgp->proc, interp, &addr,
&imgp->entry_addr);
}
vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY); vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
if (error != 0) { if (error != 0)
uprintf("ELF interpreter %s not found, error %d\n",
interp, error);
goto ret; goto ret;
}
} else } else
addr = et_dyn_addr; addr = et_dyn_addr;
/* /*
* Construct auxargs table (used by the fixup routine) * Construct auxargs table (used by the fixup routine)
*/ */
elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK); elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
elf_auxargs->execfd = -1; elf_auxargs->execfd = -1;
▲ Show 20 LinesShow All 1,456 LinesShow Last 20 Lines
View Options

tests/sys/audit/file-attribute-modify.c

Show First 20 LinesShow All 939 Lines▼ Show 20 Lines if (interp[interp_name_len - 1] != '\0') {
return (ENOEXEC); return (ENOEXEC);
} }
*interpp = interp; *interpp = interp;
*free_interpp = false; *free_interpp = false;
return (0); return (0);
} }
static int
__elfN(load_interp)(struct image_params *imgp, const Elf_Brandinfo *brand_info,
const char *interp, u_long *addr, u_long *entry)
{
char *path;
int error;
if (brand_info->emul_path != NULL &&
brand_info->emul_path[0] != '\0') {
path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
snprintf(path, MAXPATHLEN, "%s%s",
brand_info->emul_path, interp);
error = __elfN(load_file)(imgp->proc, path, addr, entry);
free(path, M_TEMP);
kibUnsubmitted
Not Done
Inline Actions

This block of if() can be naturally moved before calculating newinterp.

kib: This block of if() can be naturally moved before calculating newinterp.
if (error == 0)
return (0);
}
if (brand_info->interp_newpath != NULL &&
(brand_info->interp_path == NULL ||
strcmp(interp, brand_info->interp_path) == 0)) {
error = __elfN(load_file)(imgp->proc,
brand_info->interp_newpath, addr, entry);
if (error == 0)
kibUnsubmitted
Not Done
Inline Actions

How could newinterp != NULL and brand_info->interp_path == NULL ?

kib: How could newinterp != NULL and brand_info->interp_path == NULL ?
traszAuthorUnsubmitted
Done
Inline Actions

The newinterp comes from brand_info->interp_newpath, not brand_info->interp_path.

trasz: The newinterp comes from brand_info->interp_newpath, not brand_info->interp_path.
return (0);
}
error = __elfN(load_file)(imgp->proc, interp, addr, entry);
if (error == 0)
return (0);
uprintf("ELF interpreter %s not found, error %d\n", interp, error);
return (error);
}
kibUnsubmitted
Done
Inline Actions

This block is irrelevant for the task of loading the interpreter. I must not be moved.

kib: This block is irrelevant for the task of loading the interpreter. I must not be moved.
/* /*
* Impossible et_dyn_addr initial value indicating that the real base * Impossible et_dyn_addr initial value indicating that the real base
* must be calculated later with some randomization applied. * must be calculated later with some randomization applied.
*/ */
#define ET_DYN_ADDR_RAND 1 #define ET_DYN_ADDR_RAND 1
static int static int
__CONCAT(exec_, __elfN(imgact))(struct image_params *imgp) __CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
{ {
struct thread *td; struct thread *td;
const Elf_Ehdr *hdr; const Elf_Ehdr *hdr;
const Elf_Phdr *phdr; const Elf_Phdr *phdr;
Elf_Auxargs *elf_auxargs; Elf_Auxargs *elf_auxargs;
struct vmspace *vmspace; struct vmspace *vmspace;
vm_map_t map; vm_map_t map;
const char *newinterp; char *interp;
char *interp, *path;
Elf_Brandinfo *brand_info; Elf_Brandinfo *brand_info;
struct sysentvec *sv; struct sysentvec *sv;
vm_prot_t prot; vm_prot_t prot;
u_long addr, baddr, et_dyn_addr, entry, proghdr; u_long addr, baddr, et_dyn_addr, entry, proghdr;
u_long maxalign, mapsz, maxv, maxv1; u_long maxalign, mapsz, maxv, maxv1;
uint32_t fctl0; uint32_t fctl0;
int32_t osrel; int32_t osrel;
bool free_interp; bool free_interp;
int error, i, n, have_interp; int error, i, n;
hdr = (const Elf_Ehdr *)imgp->image_header; hdr = (const Elf_Ehdr *)imgp->image_header;
/* /*
* Do we have a valid ELF header ? * Do we have a valid ELF header ?
* *
* Only allow ET_EXEC & ET_DYN here, reject ET_DYN later * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
* if particular brand doesn't support it. * if particular brand doesn't support it.
Show All 19 Lines if (!aligned(phdr, Elf_Addr)) {
return (ENOEXEC); return (ENOEXEC);
} }
n = error = 0; n = error = 0;
baddr = 0; baddr = 0;
osrel = 0; osrel = 0;
fctl0 = 0; fctl0 = 0;
entry = proghdr = 0; entry = proghdr = 0;
newinterp = interp = NULL; interp = NULL;
free_interp = false; free_interp = false;
td = curthread; td = curthread;
maxalign = PAGE_SIZE; maxalign = PAGE_SIZE;
mapsz = 0; mapsz = 0;
for (i = 0; i < hdr->e_phnum; i++) { for (i = 0; i < hdr->e_phnum; i++) {
switch (phdr[i].p_type) { switch (phdr[i].p_type) {
case PT_LOAD: case PT_LOAD:
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Lines if (baddr == 0) {
else if ((__elfN(pie_aslr_enabled) && else if ((__elfN(pie_aslr_enabled) &&
(imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) || (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) ||
(imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0) (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0)
et_dyn_addr = ET_DYN_ADDR_RAND; et_dyn_addr = ET_DYN_ADDR_RAND;
else else
et_dyn_addr = ET_DYN_LOAD_ADDR; et_dyn_addr = ET_DYN_LOAD_ADDR;
} }
} }
if (interp != NULL && brand_info->interp_newpath != NULL)
newinterp = brand_info->interp_newpath;
/* /*
* Avoid a possible deadlock if the current address space is destroyed * Avoid a possible deadlock if the current address space is destroyed
* and that address space maps the locked vnode. In the common case, * and that address space maps the locked vnode. In the common case,
* the locked vnode's v_usecount is decremented but remains greater * the locked vnode's v_usecount is decremented but remains greater
* than zero. Consequently, the vnode lock is not needed by vrele(). * than zero. Consequently, the vnode lock is not needed by vrele().
* However, in cases where the vnode lock is external, such as nullfs, * However, in cases where the vnode lock is external, such as nullfs,
* v_usecount may become zero. * v_usecount may become zero.
▲ Show 20 LinesShow All 108 Lines▼ Show 20 Lines map->anon_loc = __CONCAT(rnd_, __elfN(base))(map, addr, maxv1,
MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]); MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]);
} else { } else {
map->anon_loc = addr; map->anon_loc = addr;
} }
imgp->entry_addr = entry; imgp->entry_addr = entry;
if (interp != NULL) { if (interp != NULL) {
have_interp = FALSE;
VOP_UNLOCK(imgp->vp, 0); VOP_UNLOCK(imgp->vp, 0);
if ((map->flags & MAP_ASLR) != 0) { if ((map->flags & MAP_ASLR) != 0) {
/* Assume that interpeter fits into 1/4 of AS */ /* Assume that interpeter fits into 1/4 of AS */
maxv1 = maxv / 2 + addr / 2; maxv1 = maxv / 2 + addr / 2;
MPASS(maxv1 >= addr); /* No overflow */ MPASS(maxv1 >= addr); /* No overflow */
addr = __CONCAT(rnd_, __elfN(base))(map, addr, addr = __CONCAT(rnd_, __elfN(base))(map, addr,
maxv1, PAGE_SIZE); maxv1, PAGE_SIZE);
} }
if (brand_info->emul_path != NULL && error = __elfN(load_interp)(imgp, brand_info, interp, &addr,
brand_info->emul_path[0] != '\0') {
path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
snprintf(path, MAXPATHLEN, "%s%s",
brand_info->emul_path, interp);
error = __elfN(load_file)(imgp->proc, path, &addr,
&imgp->entry_addr); &imgp->entry_addr);
free(path, M_TEMP);
if (error == 0)
have_interp = TRUE;
}
if (!have_interp && newinterp != NULL &&
(brand_info->interp_path == NULL ||
strcmp(interp, brand_info->interp_path) == 0)) {
error = __elfN(load_file)(imgp->proc, newinterp, &addr,
&imgp->entry_addr);
if (error == 0)
have_interp = TRUE;
}
if (!have_interp) {
error = __elfN(load_file)(imgp->proc, interp, &addr,
&imgp->entry_addr);
}
vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY); vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
if (error != 0) { if (error != 0)
uprintf("ELF interpreter %s not found, error %d\n",
interp, error);
goto ret; goto ret;
}
} else } else
addr = et_dyn_addr; addr = et_dyn_addr;
/* /*
* Construct auxargs table (used by the fixup routine) * Construct auxargs table (used by the fixup routine)
*/ */
elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK); elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
elf_auxargs->execfd = -1; elf_auxargs->execfd = -1;
▲ Show 20 LinesShow All 1,456 LinesShow Last 20 Lines