From: KOSAKI Motohiro
To: libc-alpha@sourceware.org, libc-ports@sourceware.org
Subject: [PATCH v4 0/5] fix wrong program abort on __FD_ELT
Date: Sun, 14 Apr 2013 00:47:00 -0000
Message-Id: <1365900451-19026-1-git-send-email-kosaki.motohiro@gmail.com>

Changes from v3 to v4
 - remove _STRICT_FD_SIZE_CHECK ifdef.
 - instead, always check buffersize. Requested by Florian Weimer.

Changes from v2 to v3
 - rebase to latest tree
 - remove [PATCH 1/6] mips: fix abi sort order
 - merge libc.abilist updates into [PATCH 2/4] Reinstantiate fd range check if and only if defined

Changes from v1 to v2
 - disable range check for pre-2.18 applications. It's required for OpenSUSE and Ubuntu.

Currently, FD_SET, FD_CLR and FD_ISSET make the program abort when passed a >__FD_SETSIZE value
and _FORTIFY_SOURCE is greater than 0. However, this is wrong. Linux has
accepted BSD-style dynamic fd table allocations like the one below for over 10 years.

http://netbsd.gw.com/cgi-bin/man-cgi?select++NetBSD-4.0

    fd_set *fdsr;
    int max = fd;

    fdsr = (fd_set *)calloc(howmany(max+1, NFDBITS), sizeof(fd_mask));
    if (fdsr == NULL) {
        ...
        return (-1);
    }
    FD_SET(fd, fdsr);
    n = select(max+1, fdsr, NULL, NULL, &tv);
    ...
    free(fdsr);

Moreover, this technique is already in use in multiple applications. And
unfortunately, Ubuntu turns on _FORTIFY_SOURCE=2 by default, so a user can
hit this issue easily after bumping up RLIMIT_NOFILE.

This patch series aims to perform an exact buffer overflow check instead of
a hard-coded FD_SETSIZE comparison. And after this series, an application which
was compiled with pre-2.18 no longer enables any boundary check, to cure
Ubuntu and OpenSUSE.

This series has the following good characteristics.

 - Cures Ubuntu and OpenSUSE too.
 - Works both on stack and on heap fd_sets.
 - No additional compile-time switch.

Please see the diff of tst-chk1.c (i.e. no change, just add several tests).
That said, the new algorithm correctly detects all usages in the testcase.

KOSAKI Motohiro (5):
  __fdelt_chk: Removed range check
  __FD_ELT: Implement correct buffer overflow check
  update libc.abilist
  tst-chk1: add fd_set dynamic allocation test
  __FDS_BITS: Added cast to __fd_mask* to avoid warning.

 ChangeLog | 44 ++++++++++++++
 bits/select.h | 6 +-
 debug/Versions | 3 +
 debug/fdelt_chk.c | 17 ++++-
 debug/tst-chk1.c | 63 +++++++++++++++++++-
 misc/bits/select2.h | 23 ++++---
 misc/sys/select.h | 6 +-
 ports/ChangeLog.aarch64 | 5 ++
 ports/ChangeLog.alpha | 5 ++
 ports/ChangeLog.arm | 5 ++
 ports/ChangeLog.ia64 | 5 ++
 ports/ChangeLog.m68k | 7 ++
 ports/ChangeLog.mips | 8 +++
 ports/ChangeLog.powerpc | 5 ++
 ports/ChangeLog.tile | 9 +++
 .../unix/sysv/linux/aarch64/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/alpha/nptl/libc.abilist | 2 +
 .../sysdeps/unix/sysv/linux/arm/nptl/libc.abilist | 2 +
 .../sysdeps/unix/sysv/linux/ia64/nptl/libc.abilist | 2 +
 .../sysv/linux/m68k/coldfire/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/m68k/m680x0/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/mips/mips32/nptl/libc.abilist | 2 +
 .../sysv/linux/mips/mips64/n32/nptl/libc.abilist | 2 +
 .../sysv/linux/mips/mips64/n64/nptl/libc.abilist | 2 +
 .../powerpc/powerpc32/nofpu/nptl/libc.abilist | 2 +
 .../linux/tile/tilegx/tilegx32/nptl/libc.abilist | 2 +
 .../linux/tile/tilegx/tilegx64/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/tile/tilepro/nptl/libc.abilist | 2 +
 sysdeps/unix/sysv/linux/i386/nptl/libc.abilist | 2 +
 .../linux/powerpc/powerpc32/fpu/nptl/libc.abilist | 2 +
 .../sysv/linux/powerpc/powerpc64/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/s390/s390-32/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/s390/s390-64/nptl/libc.abilist | 2 +
 sysdeps/unix/sysv/linux/sh/nptl/libc.abilist | 2 +
 .../sysv/linux/sparc/sparc32/nptl/libc.abilist | 2 +
 .../sysv/linux/sparc/sparc64/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/x86_64/64/nptl/libc.abilist | 2 +
 .../unix/sysv/linux/x86_64/x32/nptl/libc.abilist | 2 +
 sysdeps/x86/bits/select.h | 6 +-
 39 files changed, 239 insertions(+), 24 deletions(-)
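
An added illustration of the distinction the cover letter draws between a hard-coded FD_SETSIZE comparison and an exact buffer-size check; it is not code from this patch series or from glibc. The helper names (fdset_bytes, fd_fits, fd_set_checked) are hypothetical, the buffer size is passed explicitly by the caller, and glibc's fd_set layout (an array of long words) is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>

/* Hypothetical helpers; assumes glibc's layout (fd_set = array of long). */
#define WORD_BITS (sizeof(long) * CHAR_BIT)

/* Bytes an fd_set-compatible bitmap needs to hold descriptors 0..maxfd. */
static size_t fdset_bytes(int maxfd)
{
    return ((size_t)maxfd / WORD_BITS + 1) * sizeof(long);
}

/* Exact check: is the word holding bit fd inside a bufsize-byte buffer? */
static int fd_fits(int fd, size_t bufsize)
{
    return fd >= 0 && ((size_t)fd / WORD_BITS + 1) * sizeof(long) <= bufsize;
}

/* Bounds-checked FD_SET: 0 on success, -1 if the write would overflow. */
static int fd_set_checked(int fd, void *set, size_t bufsize)
{
    if (!fd_fits(fd, bufsize))
        return -1;
    ((unsigned long *)set)[(size_t)fd / WORD_BITS] |= 1UL << ((size_t)fd % WORD_BITS);
    return 0;
}

/* Constructed cases: returns the number that behaved as described (of 5). */
static int demo(void)
{
    int ok = 0, big = 4000;              /* above FD_SETSIZE */
    size_t heap_bytes = fdset_bytes(big);
    fd_set stack_set, *heap_set = calloc(1, heap_bytes);
    if (heap_set == NULL)
        return -1;
    FD_ZERO(&stack_set);
    ok += fd_set_checked(3, &stack_set, sizeof stack_set) == 0;
    ok += FD_ISSET(3, &stack_set) != 0;  /* same bit layout as FD_SET */
    ok += fd_set_checked(big, &stack_set, sizeof stack_set) == -1;
    ok += fd_set_checked(big, heap_set, heap_bytes) == 0;  /* heap: allowed */
    ok += fd_set_checked(big + 64, heap_set, heap_bytes) == -1;
    free(heap_set);
    return ok;
}

int main(void)
{
    printf("%d of 5 cases behaved as expected\n", demo());
    return 0;
}
```

The same descriptor (4000) is rejected for the stack fd_set and accepted for the larger heap allocation, because the decision depends on the buffer actually supplied rather than on FD_SETSIZE.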