[LTP] [PATCH v4 0/3] safe_macros: Fix undefined behaviour in vararg handling
Tudor Cretu
tudor.cretu@arm.com
Wed Nov 30 16:07:35 CET 2022
Accessing elements in an empty va_list results in undefined behaviour[0]
that can include accessing arbitrary stack memory. While typically this
doesn't raise a fault, some new more security-oriented architectures
(e.g. CHERI[1] or Morello[2]) don't allow it.
[0]: [ISO/IEC 9899:2011] Programming Languages—C, 3rd ed, paragraph 7.16.1.1
[1]: https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
[2]: https://www.morello-project.org/
v4..v3:
- Renamed __OPEN_NEEDS_MODE to TST_OPEN_NEEDS_MODE
v3..v2:
- Separate the f{get,set}xattr changes into a new patch: PATCH 1/3
- Don't remove the variadicness from safe_* wrappers anymore, but only
read the variadic arguments in the cases where it's expected
- Remove the changes to SAFE_* macros as they're not needed anymore
- Add include/lapi/ipc.h to define IPC_INFO
- define __OPEN_NEEDS_MODE similar to the conditions used in supported
libcs (glibc, musl, uclibc, and Bionic), to be shared by both
safe_open and safe_openat.
- The switch case in safe_semctl is the same as the one used in glibc,
and functionally similar to the one used in Musl. Bionic and uclibc
don't have a similar switch case, they read the union semun vararg
unconditionally.
- Tested with both glibc and Musl
v2..v1:
- PATCH 1: Remove the NULL argument for mode from SAFE_OPEN instances
to avoid the pointer to int conversion.
Tudor Cretu (3):
syscalls/f{get,set}xattr: Don't pass a pointer to mode argument in open
safe_open, safe_openat: Fix undefined behaviour in vararg handling
safe_semctl: Fix undefined behaviour in vararg handling
include/lapi/fcntl.h | 3 +++
include/lapi/ipc.h | 14 +++++++++++
lib/safe_macros.c | 21 +++++++++--------
lib/tst_safe_file_at.c | 13 +++++++----
lib/tst_safe_sysv_ipc.c | 23 +++++++++++++------
.../kernel/syscalls/fgetxattr/fgetxattr01.c | 2 +-
.../kernel/syscalls/fgetxattr/fgetxattr02.c | 2 +-
.../kernel/syscalls/fgetxattr/fgetxattr03.c | 2 +-
.../kernel/syscalls/fsetxattr/fsetxattr01.c | 2 +-
.../kernel/syscalls/fsetxattr/fsetxattr02.c | 2 +-
10 files changed, 58 insertions(+), 26 deletions(-)
create mode 100644 include/lapi/ipc.h
--
2.25.1
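As an added illustration of the pattern the cover letter describes (not code from the series or from LTP), the following wrappers read their vararg only when the leading arguments say one was supplied. OPEN_NEEDS_MODE stands in for the TST_OPEN_NEEDS_MODE macro the letter names; its expression is an assumption modelled on glibc's __OPEN_NEEDS_MODE. The semctl command list follows the glibc switch the letter refers to, with #ifdef guards for constants that some libcs lack (the series adds lapi/ipc.h for IPC_INFO). The function names and the demo path are made up here.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdarg.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stand-in for TST_OPEN_NEEDS_MODE (assumption modelled on glibc's
 * __OPEN_NEEDS_MODE): a mode argument is present for O_CREAT, or for
 * O_TMPFILE where the platform defines it. */
#ifdef O_TMPFILE
#define OPEN_NEEDS_MODE(flags) \
	((((flags) & O_CREAT) != 0) || (((flags) & O_TMPFILE) == O_TMPFILE))
#else
#define OPEN_NEEDS_MODE(flags) (((flags) & O_CREAT) != 0)
#endif

/* Variadic open() wrapper. The mode vararg is read only when the flags say
 * the caller must have passed one; on an empty va_list, va_arg() is
 * undefined behaviour and faults on CHERI/Morello. */
int open_checked(const char *path, int flags, ...)
{
	mode_t mode = 0;

	if (OPEN_NEEDS_MODE(flags)) {
		va_list ap;

		va_start(ap, flags);
		/* mode_t is promoted to int when passed through "..." */
		mode = (mode_t)va_arg(ap, int);
		va_end(ap);
	}

	return open(path, flags, mode);
}

/* glibc does not define union semun; the caller provides it. */
union semun {
	int val;
	struct semid_ds *buf;
	unsigned short *array;
	struct seminfo *__buf;
};

/* Which semctl() commands carry a union semun argument (glibc's list;
 * guarded entries are missing from some libc headers). */
int semctl_needs_arg(int cmd)
{
	switch (cmd) {
	case IPC_STAT:
	case IPC_SET:
	case GETALL:
	case SETALL:
#ifdef IPC_INFO
	case IPC_INFO:
#endif
#ifdef SEM_INFO
	case SEM_INFO:
#endif
#ifdef SEM_STAT
	case SEM_STAT:
#endif
#ifdef SEM_STAT_ANY
	case SEM_STAT_ANY:
#endif
		return 1;
	default:
		return 0;
	}
}

/* Variadic semctl() wrapper applying the same rule. */
int semctl_checked(int semid, int semnum, int cmd, ...)
{
	union semun arg = { .val = 0 };

	if (semctl_needs_arg(cmd)) {
		va_list ap;

		va_start(ap, cmd);
		arg = va_arg(ap, union semun);
		va_end(ap);
	}

	return semctl(semid, semnum, cmd, arg);
}

/* Demo: create PATH through the wrapper with mode 0600, return the
 * permission bits that landed on disk (or -1), then remove the file. */
int demo_create_mode(const char *path)
{
	struct stat st;
	int fd = open_checked(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
	int rc;

	if (fd < 0)
		return -1;
	rc = fstat(fd, &st);
	close(fd);
	unlink(path);
	return rc < 0 ? -1 : (int)(st.st_mode & 0777);
}
```

The point of the conditional is that the decision to call va_arg() is made from information the callee already has (flags, cmd), so a caller who legitimately omits the argument never triggers an out-of-bounds read of the argument area.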