Page MenuHomeFreeBSD
Differential D39347

cap_dns, cap_net: fix host and service buffer handling
ClosedPublic
Actions

Authored by vangyzen on Mar 30 2023, 10:18 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sep 27 2024, 1:13 AM
Unknown Object (File)
Sep 23 2024, 4:21 AM
Unknown Object (File)
Sep 19 2024, 6:28 PM
Unknown Object (File)
Sep 19 2024, 2:29 AM
Unknown Object (File)
Sep 18 2024, 10:09 AM
Unknown Object (File)
Sep 8 2024, 4:49 PM
Unknown Object (File)
Sep 8 2024, 7:16 AM
Unknown Object (File)
Aug 15 2024, 12:07 PM
View All 22 Files
Subscribers
badger
dab
emaste
imp

Details

Reviewers
oshogbo
emaste
Group Reviewers
capsicum
security
Commits
rG179bffddf530: cap_dns, cap_net: fix host and service buffer handling
Summary

If a malicious casper process sent a host or service string that was
too long, cap_getnameinfo would overrun the caller's buffer by one byte.

The backends for this function needlessly allocated one extra byte
for these buffers. This was harmless, but could be confusing to readers.

Reported by: Coverity
MFC after: 1 week
Sponsored by: Dell EMC Isilon

Test Plan
$ kyua debug net_test:capnet__getnameinfo_overflow
net_test:capnet__getnameinfo_overflow  ->  passed

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

vangyzen created this revision.Mar 30 2023, 10:18 PM
Herald added subscribers: dab, badger, imp. · View Herald TranscriptMar 30 2023, 10:18 PM
vangyzen requested review of this revision.Mar 30 2023, 10:18 PM
Harbormaster completed remote builds in B50684: Diff 119682.Mar 30 2023, 10:18 PM
guest-patmaddox added a subscriber: guest-patmaddox.Mar 31 2023, 5:54 AM
vangyzen added reviewers: capsicum, security.Apr 4 2023, 5:18 PM
emaste added a subscriber: emaste.Apr 4 2023, 5:36 PM

please add the CID to the commit message

emaste added a comment.Apr 4 2023, 5:40 PM

(unless this is not from Coverity Scan's FreeBSD report)

oshogbo accepted this revision as: capsicum, oshogbo.Apr 4 2023, 6:18 PM

LGTM.
Nice catch.

This revision is now accepted and ready to land.Apr 4 2023, 6:18 PM
emaste accepted this revision.Apr 4 2023, 6:20 PM
vangyzen added a comment.Apr 4 2023, 7:24 PM

please add the CID to the commit message
(unless this is not from Coverity Scan's FreeBSD report)

It's from an internal run at Dell (Isilon). Oddly enough, I can't find this issue in the public FreeBSD report.

Thanks for the reviews, folks.

Closed by commit rG179bffddf530: cap_dns, cap_net: fix host and service buffer handling (authored by vangyzen). · Explain WhyApr 4 2023, 7:29 PM
This revision was automatically updated to reflect the committed changes.
vangyzen added a commit: rG179bffddf530: cap_dns, cap_net: fix host and service buffer handling.
guest-patmaddox removed a subscriber: guest-patmaddox.Jul 29 2023, 5:38 AM

Revision Contents
Changeset List

PathSize
lib/
libcasper/
services/
cap_dns/
8 lines
cap_net/
8 lines
tests/
43 lines

Diff 119850

View Options

lib/libcasper/services/cap_dns/cap_dns.c

Loading...
View Options

lib/libcasper/services/cap_net/cap_net.c

Loading...
View Options

lib/libcasper/services/cap_net/tests/net_test.c

Loading...