Date: Mon, 8 Apr 2024 20:26:04 GMT
Message-Id: <202404082026.438KQ4vo040561@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: John Baldwin
Subject: git: 257f36a7dbce - stable/13 - kldxref: Properly handle reading strings near the end of an ELF file
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=257f36a7dbceda3f89c688aaedf0c56883a11f3d

commit 257f36a7dbceda3f89c688aaedf0c56883a11f3d
Author:     John Baldwin
AuthorDate: 2024-03-19 00:01:23 +0000
Commit:     John Baldwin
CommitDate: 2024-04-08 18:06:41 +0000

    kldxref: Properly handle reading strings near the end of an ELF file

    If a string is at or near the end of an input file and the amount of
    remaining data in the file is smaller than the maximum string size,
    the pread(2) system call would return a short read which is treated
    as an error.

    Instead, add a new helper function for reading a string which permits
    short reads so long as the data read from the file contains a
    terminated string.

    Reported by: jrtc27
    Reviewed by: jrtc27
    Sponsored by: University of Cambridge, Google, Inc.
    Differential Revision: https://reviews.freebsd.org/D44419

    (cherry picked from commit 785600d0fb13d6f0b4595bf4dbbc048113dda71d)
---
 usr.sbin/kldxref/ef.c     |  9 +--------
 usr.sbin/kldxref/ef.h     |  4 ++++
 usr.sbin/kldxref/ef_obj.c |  9 +--------
 usr.sbin/kldxref/elf.c    | 18 ++++++++++++++++++
 4 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/usr.sbin/kldxref/ef.c b/usr.sbin/kldxref/ef.c index 1ef27f2bc54a..77ddada946f2 100644 --- a/usr.sbin/kldxref/ef.c
+++ b/usr.sbin/kldxref/ef.c @@ -549,7 +549,6 @@ static int ef_seg_read_string(elf_file_t ef, GElf_Addr address, size_t len, char *dest) { GElf_Off ofs; - int error; ofs = ef_get_offset(ef, address); if (ofs == 0) { @@ -559,13 +558,7 @@ ef_seg_read_string(elf_file_t ef, GElf_Addr address, size_t len, char *dest) return (EFAULT); } - error = elf_read_raw_data(ef->ef_efile, ofs, dest, len); - if (error != 0) - return (error); - if (strnlen(dest, len) == len) - return (EFAULT); - - return (0); + return (elf_read_raw_string(ef->ef_efile, ofs, dest, len)); } int diff --git a/usr.sbin/kldxref/ef.h b/usr.sbin/kldxref/ef.h index 25dc5216b169..9d3dc1b1b435 100644 --- a/usr.sbin/kldxref/ef.h +++ b/usr.sbin/kldxref/ef.h @@ -189,6 +189,10 @@ int elf_read_raw_data(struct elf_file *efile, off_t offset, void *dst, int elf_read_raw_data_alloc(struct elf_file *efile, off_t offset, size_t len, void **out); +/* Reads a single string at the given offset from an ELF file. */ +int elf_read_raw_string(struct elf_file *efile, off_t offset, char *dst, + size_t len); + /* * Read relocated data from an ELF file and return it in a * dynamically-allocated buffer. Note that no translation diff --git a/usr.sbin/kldxref/ef_obj.c b/usr.sbin/kldxref/ef_obj.c index 1274a14c10af..ac83137cd394 100644 --- a/usr.sbin/kldxref/ef_obj.c +++ b/usr.sbin/kldxref/ef_obj.c @@ -248,7 +248,6 @@ static int ef_obj_seg_read_string(elf_file_t ef, GElf_Addr address, size_t len, char *dest) { GElf_Off ofs; - int error; ofs = ef_obj_get_offset(ef, address); if (ofs == 0) { @@ -258,13 +257,7 @@ ef_obj_seg_read_string(elf_file_t ef, GElf_Addr address, size_t len, char *dest) return (EFAULT); } - error = elf_read_raw_data(ef->ef_efile, ofs, dest, len); - if (error != 0) - return (error); - if (strnlen(dest, len) == len) - return (EFAULT); - - return (0); + return (elf_read_raw_string(ef->ef_efile, ofs, dest, len)); } int diff --git a/usr.sbin/kldxref/elf.c b/usr.sbin/kldxref/elf.c index e5fe90169d2c..a93cf996ccc7 100644 
--- a/usr.sbin/kldxref/elf.c +++ b/usr.sbin/kldxref/elf.c @@ -197,6 +197,24 @@ elf_read_raw_data_alloc(struct elf_file *efile, off_t offset, size_t len, return (0); } +int +elf_read_raw_string(struct elf_file *efile, off_t offset, char *dst, size_t len) +{ + ssize_t nread; + + nread = pread(efile->ef_fd, dst, len, offset); + if (nread == -1) + return (errno); + if (nread == 0) + return (EIO); + + /* A short read is ok so long as the data contains a terminator. */ + if (strnlen(dst, nread) == nread) + return (EFAULT); + + return (0); +} + int elf_read_data(struct elf_file *efile, Elf_Type type, off_t offset, size_t len, void **out)
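
Review bot: in the elf.c hunk, the terminator check in elf_read_raw_string() compares the size_t result of strnlen(dst, nread) with the ssize_t nread. The value is known to be positive at that point because the -1 and 0 cases have already returned, so an explicit (size_t)nread cast, or copying nread into a size_t after those checks, would avoid a sign-compare warning and make that invariant visible. It is also worth a one-line comment on the nread == 0 branch explaining that an offset at or past end of file is reported as EIO, while data without a terminator is reported as EFAULT, since callers now see two different errors for a malformed file. Because short reads are accepted, only the first nread bytes of dst are written; the strnlen bound of nread is what keeps the check from scanning unwritten bytes of the buffer, so that bound should not be widened to len in later edits.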
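
Review bot: in the ef.h hunk, the comment above the elf_read_raw_string() prototype does not state the contract that separates it from elf_read_raw_data(): that len is the maximum size of dst, that a short read is accepted, and that EFAULT is returned when no terminator is found within the bytes actually read. Spelling this out in the header would keep future callers from assuming that all len bytes of dst are filled on success.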