
Re: [PATCH] proc: Fix pointer truncation in get_string_array


From: Samuel Thibault
Subject: Re: [PATCH] proc: Fix pointer truncation in get_string_array
Date: Wed, 21 Jun 2023 15:14:16 +0200
User-agent: NeoMutt/20170609 (1.8.3)

Applied, thanks!

Sergey Bugaev, on Wed. 21 Jun 2023 13:56:38 +0300, wrote:
> Due to little-endianness of x86, this resulted in 64-bit pointers that
> pointed to the lower 4 GB of the address space being treated as a 32-bit
> pointer followed by NULL, which manifested as only the first program arg
> (the argv[0]) being visible in ps output. When a pointer pointed outside
> of the lower 4 GB, this resulted in both halves being treated as invalid
> pointers, causing proc_getprocargs () to fail with KERN_INVALID_ADDRESS,
> which manifested as ps displaying COMMAND for the affected process as ?.
> 
> Found by placing all memory above the 4 GB limit, which made it apparent
> that something about fetching process command lines is seriously broken.
> 
> Before:
> 
>     USER   PID  PPID TTY     TIME COMMAND
>        0     1     1   -  0:00.00 /hurd/init
>        0     2     1   -  0:00.05 /hurd/startup
>        0     3     2   ?  0:02.80 ?
>        0     4     2   ?  0:00.00 /hurd/proc
>        0     5     2   -  0:00.08 ?
>        0     6     5   -  0:00.02 ?
>        0     7     2   -  0:00.00 /hurd/auth
>        0     9     1   -  0:00.01 /hurd/term
>        0    13     1   -  0:00.11 /hurd/mach-defpager
>        0    15     1   -  0:00.00 /bin/bash
>        0    16     5   -  0:00.00 /hurd/pflocal
>        0    18    15   -  0:00.00 /bin/sh
>        0    20    18   -  0:00.00 ps-hurd
> 
> After:
> 
>     USER   PID  PPID TTY     TIME COMMAND
>        0     1     1   -  0:00.01 /hurd/init -a
>        0     2     1   -  0:00.03 /hurd/startup --kernel-task=1 console=com0
>        0     3     2   ?  0:01.36 gnumach --kernel-task=1 console=com0
>        0     4     2   ?  0:00.00 /hurd/proc --kernel-task=1
>        0     5     2   -  0:00.06 ext2fs --multiboot-command-line=console=com0
>        0     6     5   -  0:00.00 /hurd/exec --device-master-port=1
>        0     7     2   -  0:00.02 /hurd/auth
>        0     9     1   -  0:00.00 /hurd/term /dev/console device console
>        0    13     1   -  0:00.09 /hurd/mach-defpager
>        0    15     1   -  0:00.00 /bin/bash /usr/libexec/runsystem.hurd
>        0    16     5   -  0:00.00 /hurd/pflocal
>        0    18    15   -  0:00.00 /bin/sh
>        0    19    18   -  0:00.01 ps-hurd -ef
> ---
>  proc/info.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/proc/info.c b/proc/info.c
> index d84fdd45..2d85662d 100644
> --- a/proc/info.c
> +++ b/proc/info.c
> @@ -274,7 +274,7 @@ get_string (task_t t,
>  static error_t
>  get_vector (task_t task,
>           vm_address_t addr,
> -         int **vec)
> +         vm_address_t **vec)
>  {
>    vm_address_t readaddr;
>    vm_size_t readsize;
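Review bot: the signature change alone does not show whether the read inside get_vector was widened to match; this hunk exposes only `vm_address_t readaddr;` and `vm_size_t readsize;`, not the code that sizes and fills the vector, so confirm that the element size used there is `sizeof (vm_address_t)` rather than `sizeof (int)`, otherwise the vector would still be fetched with the wrong width on 64-bit hosts.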
> @@ -332,7 +332,7 @@ get_string_array (task_t t,
>                 mach_msg_type_number_t *buflen)
>  {
>    char *bp;
> -  int *vector, *vp;
> +  vm_address_t *vector, *vp;
>    error_t err;
>    vm_address_t origbuf = *buf;
>  
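Review bot: with `vector` and `vp` now `vm_address_t *`, the walk over `vp` (not shown in the hunk) advances by the target task's native pointer width, which is the fix the commit message describes; a one-line comment on the declaration saying that the vector mirrors the task's own pointer size would stop the `int *` assumption from creeping back in. Since the diffstat touches only proc/info.c, also confirm that get_vector has no other callers still passing an `int **`.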
> -- 
> 2.41.0
> 
> 

-- 
Samuel
---
For an independent, transparent and rigorous evaluation!
I support the Inria Evaluation Committee.
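The truncation the commit message describes, as an added example that is not part of this thread or of the Hurd source: a constructed 64-bit argv vector is walked once with an 8-byte stride (the fixed `vm_address_t` walk) and once with a 4-byte stride (the old `int *vp` walk on x86_64). The addresses, the "mapped" ranges and the function name `walk_argv` are constructed placeholders; the range check stands in for the validity check the real vm_read performs against the target task, and a little-endian host is assumed, as in the commit message.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of a walk: the number of arguments found, or -1 where the real
 * code would fail with KERN_INVALID_ADDRESS (an entry that is not a
 * mapped address in the target task). */
#define WALK_INVALID_ADDRESS (-1)

/* Constructed sample vectors modelling a 64-bit task's argv: three
 * pointers followed by the NULL terminator. The addresses are
 * placeholders chosen only for their position relative to the 4 GB line. */
static const uint64_t argv_low[4]  = { 0x10001000ULL,  0x10001010ULL,  0x10001020ULL,  0 };
static const uint64_t argv_high[4] = { 0x100001000ULL, 0x100001010ULL, 0x100001020ULL, 0 };

/* Constructed "mapped" range for each sample task, standing in for the
 * validity check vm_read performs against the task's address space. */
static const uint64_t low_lo  = 0x10000000ULL,  low_hi  = 0x10100000ULL;
static const uint64_t high_lo = 0x100000000ULL, high_hi = 0x100100000ULL;

/* Walk a NULL-terminated pointer vector the way get_string_array does,
 * but with a configurable element width: 8 reproduces the fixed
 * vm_address_t walk, 4 reproduces the old `int *vp` walk on x86_64.
 * Assumes a little-endian host. */
static long walk_argv(const uint64_t *vec, size_t nelems, size_t elem_size,
                      uint64_t lo, uint64_t hi)
{
    const unsigned char *bytes = (const unsigned char *)vec;
    size_t total = nelems * sizeof(uint64_t);
    long count = 0;

    for (size_t off = 0; off + elem_size <= total; off += elem_size) {
        uint64_t entry = 0;
        /* Copy elem_size bytes into the low-order bytes of a 64-bit value:
         * with width 4 on little-endian this yields the low half of a
         * pointer, then its high half, exactly the truncation being fixed. */
        memcpy(&entry, bytes + off, elem_size);
        if (entry == 0)
            return count;                 /* terminator: argv ends here */
        if (entry < lo || entry >= hi)
            return WALK_INVALID_ADDRESS;  /* half a pointer is not mapped */
        count++;
    }
    return count;
}

int main(void)
{
    /* Pointers below 4 GB: the 4-byte walk sees argv[0], then the zero
     * high half, so only the first argument survives. */
    printf("low  argv, 8-byte walk: %ld\n", walk_argv(argv_low, 4, sizeof(uint64_t), low_lo, low_hi));
    printf("low  argv, 4-byte walk: %ld\n", walk_argv(argv_low, 4, sizeof(int), low_lo, low_hi));
    /* Pointers above 4 GB: the low half alone is not a mapped address,
     * so the whole fetch fails, which ps shows as "?". */
    printf("high argv, 8-byte walk: %ld\n", walk_argv(argv_high, 4, sizeof(uint64_t), high_lo, high_hi));
    printf("high argv, 4-byte walk: %ld\n", walk_argv(argv_high, 4, sizeof(int), high_lo, high_hi));
    return 0;
}
```

The two 4-byte runs reproduce the two symptoms from the commit message: a single visible argument for the low-memory task and an invalid-address failure for the high-memory one, while the 8-byte walk returns all three arguments in both cases.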


