
dtrace: fix an out of bound read and a NULL pointer increment
ClosedPublic

Authored by domagoj.stolfa_gmail.com on Jun 15 2021, 8:20 PM.
Referenced Files
F102798960: D30778.diff

Details

Summary

In dt_cc.c, when the provider is an empty string, accessing strlen(pdp->dtpd_provider) - 1 will result in a pdp->dtpd_provider[-1] access.

Similarly, in dt_ident.c, if p2 is a NULL pointer, doing a p2++ on it is undefined behaviour.

Signed-off-by: Domagoj Stolfa <domagoj.stolfa@gmail.com>
Sponsored by: Google
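The two defects the summary describes, as an added C illustration constructed for this page (not the libdtrace code and not the diff under review). The helper names name_ends_with and count_sig_args, and the "ret(arg, arg)" signature format the second helper scans, are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/*
 * Constructed illustration, not the libdtrace code.  The unpatched dt_cc.c
 * pattern is  name[strlen(name) - 1]: for name == "" that is strlen("") - 1,
 * which as a size_t is SIZE_MAX and in practice addresses the byte before
 * the buffer (the name[-1] read from the summary).  Checking the length
 * first means the empty string never reaches the index expression.
 */
static bool
name_ends_with(const char *name, char c)
{
	size_t len = strlen(name);

	if (len == 0)
		return (false);	/* "" has no last character to compare */
	return (name[len - 1] == c);
}

/*
 * Constructed illustration of the dt_ident.c hazard: scanning the argument
 * list of a signature string such as "int(int, char *)" (assumed format).
 * The summary's bug is a p2++ applied after a lookup that can leave p2
 * NULL.  Using strchr(p2 + 1, ',') as the loop step, the form suggested in
 * review, only ever skips past a comma that strchr actually found, so the
 * pointer is never incremented once it is NULL.
 * Returns the argument count, 0 for "()", or -1 if no '(' is present.
 */
static int
count_sig_args(const char *sig)
{
	const char *p1, *p2;
	int argc;

	if ((p1 = strchr(sig, '(')) == NULL)
		return (-1);	/* not a signature */
	if (p1[1] == ')')
		return (0);	/* "()" carries no arguments */

	argc = 1;	/* at least one argument precedes the first comma */
	for (p2 = strchr(p1, ','); p2 != NULL; p2 = strchr(p2 + 1, ','))
		argc++;
	return (argc);
}
```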

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c, line 223:

I think these two lines could just be p2 = strchr(p2 + 1, ','); but I don't have a strong preference.

This revision is now accepted and ready to land. Jun 15 2021, 8:53 PM

> If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.

You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like and a Sponsored by: Google.

Thanks!

> > If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.
>
> You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like

I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

> > > If there are any tags, e.g., sponsored by, please add them to the review description and I'll commit.
> >
> > You can add a Signed-off-by: domagoj.stolfa@gmail.com if you'd like
>
> I prefer not to since we don't have a policy around it, at least not yet. If you prefer to have it, then I'll keep it.

That's fine -- no need to put it in then. Just a "Sponsored by: Google" is fine :). Thanks!