authorDomagoj Stolfa <domagoj.stolfa@gmail.com>2021-06-17 17:35:33 +0000
committerMark Johnston <markj@FreeBSD.org>2021-06-17 17:52:32 +0000
commita877965fa3da218bceaaa0f51c4d7770e64e6df0 (patch)
treeb6f624c2aa0b054b814128282a8c22836130366b /cddl/contrib/opensolaris/lib
parent0247c33e89adaf0c7159b847ef7bae9566e55395 (diff)
dtrace: fix an out of bound read and a NULL pointer increment
In dt_cc.c, when the provider is an empty string, accessing strlen(pdp->dtpd_provider) - 1 results in a pdp->dtpd_provider[-1] access. Similarly, in dt_ident.c, if p2 is a NULL pointer, doing p2++ on it is undefined behaviour.

Reviewed by: markj
MFC after: 1 week
Sponsored by: Google
Differential Revision: https://reviews.freebsd.org/D30778
Diffstat (limited to 'cddl/contrib/opensolaris/lib')
-rw-r--r--cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c6
-rw-r--r--cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c4
2 files changed, 8 insertions, 2 deletions
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c
index 8ec5dd61b8ee..e63771c91e08 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_cc.c
@@ -1691,6 +1691,7 @@ dt_setcontext(dtrace_hdl_t *dtp, dtrace_probedesc_t *pdp)
dt_ident_t *idp;
char attrstr[8];
int err;
+ size_t prov_len;
/*
* Both kernel and pid based providers are allowed to have names
@@ -1704,7 +1705,10 @@ dt_setcontext(dtrace_hdl_t *dtp, dtrace_probedesc_t *pdp)
* On an error, dt_pid_create_probes() will set the error message
* and tag -- we just have to longjmp() out of here.
*/
- if (isdigit(pdp->dtpd_provider[strlen(pdp->dtpd_provider) - 1]) &&
+
+ prov_len = strlen(pdp->dtpd_provider);
+
+ if ((prov_len > 0 && isdigit(pdp->dtpd_provider[prov_len - 1])) &&
((pvp = dt_provider_lookup(dtp, pdp->dtpd_provider)) == NULL ||
pvp->pv_desc.dtvd_priv.dtpp_flags & DTRACE_PRIV_PROC) &&
dt_pid_create_probes(pdp, dtp, yypcb) != 0) {
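Review bot: The length guard on the new `if` line removes the underflow, but the byte passed to `isdigit()` is still a plain `char`; on targets where `char` is signed, a provider name whose last byte is above 0x7F produces a negative argument, which is undefined behaviour for the `<ctype.h>` functions unless the value equals EOF. Casting first, `isdigit((unsigned char)pdp->dtpd_provider[prov_len - 1])`, closes that gap without changing the ASCII-digit cases the condition is meant to catch. The blank line inserted between the closing `*/` and the `prov_len` assignment detaches the comment block from the condition it explains; moving the assignment above the comment, or dropping the blank line, keeps them together. dt_setcontext continues outside the hunk.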
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
index b9164ac26cf9..5ff772be041d 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_ident.c
@@ -210,8 +210,10 @@ dt_idcook_func(dt_node_t *dnp, dt_ident_t *idp, int argc, dt_node_t *args)
}
}
- for (p2 = strchr(p2, ','); p2++ != NULL; i++)
+ for (p2 = strchr(p2, ','); p2 != NULL; i++) {
+ p2++;
p2 = strchr(p2, ',');
+ }
/*
* We first allocate a new ident signature structure with the
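Review bot: The rewritten loop splits the comma walk between the body (`p2++; p2 = strchr(p2, ',');`) and the increment clause (`i++`), which reads awkwardly now that the pre-increment trick is gone. Folding the advance into the increment clause, `for (p2 = strchr(p2, ','); p2 != NULL; i++, p2 = strchr(p2 + 1, ','))`, gives the same count and the same NULL termination in one line, and `p2 + 1` is in bounds because `*p2` is a comma rather than the terminator. A short comment above the loop such as `/* count the commas remaining after p2 */` would make the purpose of i obvious to a reader who sees only this stretch. dt_idcook_func, including the initial values of p2 and i, lies outside the hunk.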