bug-hurd

[PATCH] proc: Fix pointer truncation in get_string_array


From: Sergey Bugaev
Subject: [PATCH] proc: Fix pointer truncation in get_string_array
Date: Wed, 21 Jun 2023 13:56:38 +0300

Due to little-endianness of x86, this resulted in 64-bit pointers that
pointed to the lower 4 GB of the address space being treated as a 32-bit
pointer followed by NULL, which manifested as only the first program arg
(the argv[0]) being visible in ps output. When a pointer pointed outside
of the lower 4 GB, this resulted in both halves being treated as invalid
pointers, causing proc_getprocargs () to fail with KERN_INVALID_ADDRESS,
which manifested as ps displaying COMMAND for the affected process as ?.

Found by placing all memory above the 4 GB limit, which made it apparent
that something about fetching process command lines is seriously broken.

Before:

    USER   PID  PPID TTY     TIME COMMAND
       0     1     1   -  0:00.00 /hurd/init
       0     2     1   -  0:00.05 /hurd/startup
       0     3     2   ?  0:02.80 ?
       0     4     2   ?  0:00.00 /hurd/proc
       0     5     2   -  0:00.08 ?
       0     6     5   -  0:00.02 ?
       0     7     2   -  0:00.00 /hurd/auth
       0     9     1   -  0:00.01 /hurd/term
       0    13     1   -  0:00.11 /hurd/mach-defpager
       0    15     1   -  0:00.00 /bin/bash
       0    16     5   -  0:00.00 /hurd/pflocal
       0    18    15   -  0:00.00 /bin/sh
       0    20    18   -  0:00.00 ps-hurd

After:

    USER   PID  PPID TTY     TIME COMMAND
       0     1     1   -  0:00.01 /hurd/init -a
       0     2     1   -  0:00.03 /hurd/startup --kernel-task=1 console=com0
       0     3     2   ?  0:01.36 gnumach --kernel-task=1 console=com0
       0     4     2   ?  0:00.00 /hurd/proc --kernel-task=1
       0     5     2   -  0:00.06 ext2fs --multiboot-command-line=console=com0
       0     6     5   -  0:00.00 /hurd/exec --device-master-port=1
       0     7     2   -  0:00.02 /hurd/auth
       0     9     1   -  0:00.00 /hurd/term /dev/console device console
       0    13     1   -  0:00.09 /hurd/mach-defpager
       0    15     1   -  0:00.00 /bin/bash /usr/libexec/runsystem.hurd
       0    16     5   -  0:00.00 /hurd/pflocal
       0    18    15   -  0:00.00 /bin/sh
       0    19    18   -  0:00.01 ps-hurd -ef
---
 proc/info.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/proc/info.c b/proc/info.c
index d84fdd45..2d85662d 100644
--- a/proc/info.c
+++ b/proc/info.c
@@ -274,7 +274,7 @@ get_string (task_t t,
 static error_t
 get_vector (task_t task,
            vm_address_t addr,
-           int **vec)
+           vm_address_t **vec)
 {
   vm_address_t readaddr;
   vm_size_t readsize;
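Review bot: only the parameter type of get_vector changes here; the body that walks the vector looking for the terminating NULL and that sizes readsize/readaddr is not in the hunk, so please confirm it derives its element size from the new type (sizeof (vm_address_t) or sizeof (**vec)) rather than a hard-coded sizeof (int), otherwise the scan still steps 4 bytes at a time and the truncation described in the commit message remains. The commit message also opens with "Due to little-endianness of x86, this resulted in ..." without first saying what "this" is; a leading sentence naming the int element type in get_vector/get_string_array as the cause would make the log self-contained.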
@@ -332,7 +332,7 @@ get_string_array (task_t t,
                  mach_msg_type_number_t *buflen)
 {
   char *bp;
-  int *vector, *vp;
+  vm_address_t *vector, *vp;
   error_t err;
   vm_address_t origbuf = *buf;
 
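Review bot: the declaration change for vector/vp matches the new get_vector signature, but the loop in get_string_array that dereferences *vp, advances vp, and later deallocates the vector buffer is outside the hunk; any length or deallocation size computed from sizeof (int) or from the old int element count needs the same update, and any other caller of get_vector in proc/info.c must now pass a vm_address_t ** or it will no longer compile. A short comment on get_vector stating that the vector is an array of task-sized addresses terminated by a zero slot would help prevent the element type regressing again.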
-- 
2.41.0
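The failure the commit message describes can be reproduced outside of Hurd. The block below is an added example, not code from the patch or from proc/info.c: it builds a fake task with one mapped region, lays out a NULL-terminated argv vector of 64-bit little-endian pointers, and walks it once with 4-byte slots (the old `int *` element type) and once with 8-byte slots (`vm_address_t *`). The fake task, its layout, the addresses 0x1000 and 0x100001000, and the helper names `task_read`, `make_task`, `walk_argv` and `command_line` are all assumptions made for the illustration; the KERN_* values are stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added illustration (not Hurd code): walking a 64-bit argv vector with the
 * old `int *` element type versus the fixed `vm_address_t *`. The fake task,
 * its single mapped region and the argv strings are constructed here. */

typedef uint64_t vm_address_t;                 /* 64-bit x86_64 address */
enum { KERN_SUCCESS = 0, KERN_INVALID_ADDRESS = 1 };   /* stand-in values */
enum { MEM_LEN = 128, VEC_OFF = 64 };          /* vector lives at base+64 */

/* Stand-in for a task: one mapped region [base, base+MEM_LEN). */
struct fake_task { vm_address_t base; uint8_t mem[MEM_LEN]; };

/* vm_read-like copy of n bytes from task address addr; fails outside the region. */
static int task_read(const struct fake_task *t, vm_address_t addr, void *out, size_t n)
{
    if (n > MEM_LEN || addr < t->base || addr - t->base > MEM_LEN - n)
        return KERN_INVALID_ADDRESS;
    memcpy(out, t->mem + (addr - t->base), n);
    return KERN_SUCCESS;
}

/* Lay out "/hurd/init\0-a\0" at base+0 and a NULL-terminated vector of 8-byte
 * little-endian pointers to them at base+VEC_OFF (x86 byte order). */
static void make_task(struct fake_task *t, vm_address_t base)
{
    const char *args[] = { "/hurd/init", "-a" };   /* constructed sample argv */
    size_t off = 0;
    memset(t, 0, sizeof *t);
    t->base = base;
    for (int i = 0; i < 2; i++) {
        vm_address_t p = base + off;
        strcpy((char *)t->mem + off, args[i]);
        off += strlen(args[i]) + 1;
        for (int b = 0; b < 8; b++)
            t->mem[VEC_OFF + 8 * i + b] = (uint8_t)(p >> (8 * b));
    }
    /* slot 2 stays all-zero: the terminating NULL */
}

/* Walk the vector reading each slot as elem_size bytes (4 = old int,
 * 8 = vm_address_t), stop at the first zero slot, and append the strings
 * the slots point at, space-separated, to out. Returns the argument count,
 * or -1 when a slot does not point inside the task (KERN_INVALID_ADDRESS). */
static int walk_argv(const struct fake_task *t, vm_address_t vec_addr,
                     size_t elem_size, char *out, size_t outlen)
{
    int count = 0;
    size_t used = 0;
    out[0] = '\0';
    for (vm_address_t slot = vec_addr;; slot += elem_size) {
        uint8_t raw[8];
        uint64_t v = 0;
        vm_address_t ptr;
        if (task_read(t, slot, raw, elem_size) != KERN_SUCCESS)
            return -1;
        for (size_t b = elem_size; b-- > 0;)       /* little-endian decode */
            v = (v << 8) | raw[b];
        /* An int slot is sign-extended when it becomes a 64-bit address. */
        ptr = elem_size == 4 ? (vm_address_t)(int64_t)(int32_t)(uint32_t)v : v;
        if (ptr == 0)
            return count;                          /* terminating NULL */
        if (count > 0 && used < outlen - 1)
            out[used++] = ' ';
        for (size_t i = 0;; i++) {
            char c;
            if (task_read(t, ptr + i, &c, 1) != KERN_SUCCESS)
                return -1;
            if (c == '\0')
                break;
            if (used < outlen - 1)
                out[used++] = c;
        }
        out[used] = '\0';
        count++;
    }
}

/* Map the task at base and fetch its command line with the given slot size. */
static int command_line(vm_address_t base, size_t elem_size, char *out, size_t outlen)
{
    struct fake_task t;
    make_task(&t, base);
    return walk_argv(&t, base + VEC_OFF, elem_size, out, outlen);
}

int main(void)
{
    const vm_address_t bases[] = { 0x1000ULL, 0x100001000ULL };  /* below / above 4 GB */
    for (int i = 0; i < 2; i++)
        for (size_t es = 4; es <= 8; es += 4) {
            char buf[64];
            int n = command_line(bases[i], es, buf, sizeof buf);
            printf("base=%#llx slot=%zu -> %s\n", (unsigned long long)bases[i], es,
                   n < 0 ? "? (KERN_INVALID_ADDRESS)" : buf);
        }
    return 0;
}
```

With 4-byte slots the task mapped below 4 GB yields only "/hurd/init", because the high half of the first pointer reads as the NULL terminator, and the task mapped above 4 GB fails with an invalid address on the first slot; with 8-byte slots both tasks yield "/hurd/init -a", which is the before/after difference in the ps listings above.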