author | Domagoj Stolfa <domagoj.stolfa@gmail.com> | 2021-06-17 17:35:33 +0000 |
committer | Mark Johnston <markj@FreeBSD.org> | 2021-06-24 13:04:54 +0000 |
commit | 1bf7ee1ab5df1c0b8083f8f3b63037c1d72af387 (patch) | |
tree | 414bdf382ad9805baf1514f9ffe83e80e0b4182e | |
parent | d16b938e734363457225ff92cef68301cbad0fce (diff) | |
dtrace: fix an out of bound read and a NULL pointer increment
In dt_cc.c when the provider is an empty string, accessing
strlen(pdp->dtpd_provider) - 1 will result in a pdp->dtpd_provider[-1]
access.
Similarly, in dt_ident.c, if p2 is a NULL pointer, doing a p2++ on it is
undefined behaviour.
Reviewed by: markj
Sponsored by: Google
(cherry picked from commit a877965fa3da218bceaaa0f51c4d7770e64e6df0)
-rw-r--r-- | cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c | 6 | ||||
-rw-r--r-- | cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c
index 8ec5dd61b8ee..e63771c91e08 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c
@@ -1691,6 +1691,7 @@ dt_setcontext(dtrace_hdl_t *dtp, dtrace_probedesc_t *pdp)
 dt_ident_t *idp;
 char attrstr[8];
 int err;
+ size_t prov_len;

 /*
 * Both kernel and pid based providers are allowed to have names
@@ -1704,7 +1705,10 @@ dt_setcontext(dtrace_hdl_t *dtp, dtrace_probedesc_t *pdp)
 * On an error, dt_pid_create_probes() will set the error message
 * and tag -- we just have to longjmp() out of here.
 */
- if (isdigit(pdp->dtpd_provider[strlen(pdp->dtpd_provider) - 1]) &&
+
+ prov_len = strlen(pdp->dtpd_provider);
+
+ if ((prov_len > 0 && isdigit(pdp->dtpd_provider[prov_len - 1])) &&
 ((pvp = dt_provider_lookup(dtp, pdp->dtpd_provider)) == NULL ||
 pvp->pv_desc.dtvd_priv.dtpp_flags & DTRACE_PRIV_PROC) &&
 dt_pid_create_probes(pdp, dtp, yypcb) != 0) {
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
index b9164ac26cf9..5ff772be041d 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
@@ -210,8 +210,10 @@ dt_idcook_func(dt_node_t *dnp, dt_ident_t *idp, int argc, dt_node_t *args)
 }
 }

- for (p2 = strchr(p2, ','); p2++ != NULL; i++)
+ for (p2 = strchr(p2, ','); p2 != NULL; i++) {
+ p2++;
 p2 = strchr(p2, ',');
+ }

 /*
 * We first allocate a new ident signature structure with the |
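Review bot: The rewritten condition on the `+ if ((prov_len > 0 && isdigit(...` line still passes a plain `char` to `isdigit()`; if `dtpd_provider` ever holds a byte with the high bit set, a signed `char` becomes a negative argument, which the `<ctype.h>` functions do not accept. Since the line is being rewritten anyway, cast it: `isdigit((unsigned char)pdp->dtpd_provider[prov_len - 1])`. The extra parentheses around the `prov_len > 0 && isdigit(...)` pair are not needed for precedence but do make the grouping against the following `&&` clauses readable, so keeping them is reasonable. The two added blank lines now separate the `dt_pid_create_probes()` comment block from the `if` it describes; moving `prov_len = strlen(pdp->dtpd_provider);` above that comment, or dropping the blank line after it, keeps comment and condition adjacent. dt_setcontext's body begins before and continues after both hunks.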
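Review bot: The corrected loop on the `+ for (p2 = strchr(p2, ','); p2 != NULL; i++) {` line keeps a three-clause `for` whose body also advances the loop pointer, the same shape that hid the original `p2++ != NULL` mistake. The same count reads more directly as `while ((p2 = strchr(p2, ',')) != NULL) { p2++; i++; }`, where the pointer is tested immediately after each `strchr()` and is never incremented while it may be NULL. A short comment such as `/* advance i once per ',' found from p2 onward */` would also help, since what `i` is counting is not visible in the hunk. The initial values of `p2` and `i` are set outside the hunk, and dt_idcook_func's body continues past it.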