From: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
To: libc-alpha@sourceware.org, libc-ports@sourceware.org
Subject: [PATCH v4 0/5] fix wrong program abort on __FD_ELT
Date: Sun, 14 Apr 2013 00:47:00 -0000 [thread overview]
Message-ID: <1365900451-19026-1-git-send-email-kosaki.motohiro@gmail.com> (raw)
Changes from v3 to v4
- remove _STRICT_FD_SIZE_CHECK ifdef.
- instead, always check buffersize. requested from Florian Weimer.
Changes from v2 to v3
- rebase to latest tree
- remove [PATCH 1/6] mips: fix abi sort order
- merge libc.abilist updates into [PATCH 2/4] Reinstantiate fd range check if and only if defined
Changes from v1 to v2
- disable range check for pre-2.18 applications. It's required OpenSUSE and Ubuntu.
Currently, FD_SET, FD_CLR and FD_ISSET make program abort when
passing >__FD_SETSIZE value and _FORTIFY_SOURCE is greater than 0.
However it is wrong. Linux accept BSD style dynamic fd table allocations
likes below over 10 years.
http://netbsd.gw.com/cgi-bin/man-cgi?select++NetBSD-4.0
fd_set *fdsr;
int max = fd;
fdsr = (fd_set *)calloc(howmany(max+1, NFDBITS),
sizeof(fd_mask));
if (fdsr == NULL) {
...
return (-1);
}
FD_SET(fd, fdsr);
n = select(max+1, fdsr, NULL, NULL, &tv);
...
free(fdsr);
Moreover this technique is already in use multiple applications. And unfortunately, Ubuntu turn on _FORTIFY_SOURCE=2 by default and then user can hit this issue easily if bump up RLIMIT_NOFILE.
This patch series aim to exact buffer overflow check instead of hard coded
FD_SETSIZE comparison. And after this series, an application which compiled with pre-2.18 no longer enable any boundary check for curing Ubuntu and OpenSUSE.
This series have following good characteristic.
- Cure Ubuntu and OpenSUSE too.
- Works both on stack and on heap fd_sets.
- No additional compile time swich.
Please see a diff of tst-chk1.c (i.e. No change, Just add several tests). That said, new algorithm correctly detect all usage of the testcase.
KOSAKI Motohiro (5):
__fdelt_chk: Removed range check
__FD_ELT: Implement correct buffer overflow check
update libc.abilist
tst-chk1: add fd_set dynamic allocation test
__FDS_BITS: Added cast to __fd_mask* to avoid warning.
ChangeLog | 44 ++++++++++++++
bits/select.h | 6 +-
debug/Versions | 3 +
debug/fdelt_chk.c | 17 ++++-
debug/tst-chk1.c | 63 +++++++++++++++++++-
misc/bits/select2.h | 23 ++++---
misc/sys/select.h | 6 +-
ports/ChangeLog.aarch64 | 5 ++
ports/ChangeLog.alpha | 5 ++
ports/ChangeLog.arm | 5 ++
ports/ChangeLog.ia64 | 5 ++
ports/ChangeLog.m68k | 7 ++
ports/ChangeLog.mips | 8 +++
ports/ChangeLog.powerpc | 5 ++
ports/ChangeLog.tile | 9 +++
.../unix/sysv/linux/aarch64/nptl/libc.abilist | 2 +
.../unix/sysv/linux/alpha/nptl/libc.abilist | 2 +
.../sysdeps/unix/sysv/linux/arm/nptl/libc.abilist | 2 +
.../sysdeps/unix/sysv/linux/ia64/nptl/libc.abilist | 2 +
.../sysv/linux/m68k/coldfire/nptl/libc.abilist | 2 +
.../unix/sysv/linux/m68k/m680x0/nptl/libc.abilist | 2 +
.../unix/sysv/linux/mips/mips32/nptl/libc.abilist | 2 +
.../sysv/linux/mips/mips64/n32/nptl/libc.abilist | 2 +
.../sysv/linux/mips/mips64/n64/nptl/libc.abilist | 2 +
.../powerpc/powerpc32/nofpu/nptl/libc.abilist | 2 +
.../linux/tile/tilegx/tilegx32/nptl/libc.abilist | 2 +
.../linux/tile/tilegx/tilegx64/nptl/libc.abilist | 2 +
.../unix/sysv/linux/tile/tilepro/nptl/libc.abilist | 2 +
sysdeps/unix/sysv/linux/i386/nptl/libc.abilist | 2 +
.../linux/powerpc/powerpc32/fpu/nptl/libc.abilist | 2 +
.../sysv/linux/powerpc/powerpc64/nptl/libc.abilist | 2 +
.../unix/sysv/linux/s390/s390-32/nptl/libc.abilist | 2 +
.../unix/sysv/linux/s390/s390-64/nptl/libc.abilist | 2 +
sysdeps/unix/sysv/linux/sh/nptl/libc.abilist | 2 +
.../sysv/linux/sparc/sparc32/nptl/libc.abilist | 2 +
.../sysv/linux/sparc/sparc64/nptl/libc.abilist | 2 +
.../unix/sysv/linux/x86_64/64/nptl/libc.abilist | 2 +
.../unix/sysv/linux/x86_64/x32/nptl/libc.abilist | 2 +
sysdeps/x86/bits/select.h | 6 +-
39 files changed, 239 insertions(+), 24 deletions(-)
next reply other threads:[~2013-04-14 0:47 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-14 0:47 KOSAKI Motohiro [this message]
2013-04-14 0:47 ` [PATCH 2/5] __FD_ELT: Implement correct buffer overflow check KOSAKI Motohiro
2013-05-01 2:42 ` Carlos O'Donell
2013-05-01 6:28 ` KOSAKI Motohiro
2013-05-01 14:42 ` Carlos O'Donell
2013-05-01 20:32 ` KOSAKI Motohiro
2013-05-03 3:15 ` Carlos O'Donell
2013-05-01 20:11 ` KOSAKI Motohiro
2013-05-03 3:15 ` Carlos O'Donell
2013-04-14 0:47 ` [PATCH 5/5] __FDS_BITS: Added cast to __fd_mask* to avoid warning KOSAKI Motohiro
2013-05-01 2:44 ` Carlos O'Donell
2013-04-14 0:47 ` [PATCH 3/5] update libc.abilist KOSAKI Motohiro
2013-04-14 0:47 ` [PATCH 1/5] __fdelt_chk: Removed range check KOSAKI Motohiro
2013-05-01 2:25 ` Carlos O'Donell
2013-05-01 6:40 ` KOSAKI Motohiro
2013-05-01 14:45 ` Carlos O'Donell
2013-05-01 22:13 ` KOSAKI Motohiro
2013-05-03 2:52 ` Carlos O'Donell
2013-04-14 0:47 ` [PATCH 4/5] tst-chk1: add fd_set dynamic allocation test KOSAKI Motohiro
2013-05-01 2:44 ` Carlos O'Donell
2013-05-01 6:29 ` KOSAKI Motohiro
2013-05-01 3:08 ` [PATCH v4 0/5] fix wrong program abort on __FD_ELT Carlos O'Donell
2013-05-01 5:31 ` KOSAKI Motohiro
2013-05-01 14:38 ` Carlos O'Donell
2013-05-01 22:21 ` KOSAKI Motohiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1365900451-19026-1-git-send-email-kosaki.motohiro@gmail.com \
--to=kosaki.motohiro@gmail.com \
--cc=libc-alpha@sourceware.org \
--cc=libc-ports@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).