genodeSources: patch to detect session_label failures

Throw an exception if destructive truncation is detected in Session_label.
2020-11-07 13:59:19 +01:00 · 2020-11-07 13:59:19 +01:00 · a1f9effb3c
parent 19ab414671
commit a1f9effb3c
2 changed files with 101 additions and 1 deletions
--- a/packages/genodelabs/default.nix
+++ b/packages/genodelabs/default.nix
@ -30,7 +30,7 @@ let
      version = upstreamSources.lastModifiedDate;
      src = upstreamSources;
      nativeBuildInputs = [ expect gnumake tcl ];
-      patches = [ ./binary-labels.patch ];
+      patches = [ ./binary-labels.patch ./label-fail.patch ];
      configurePhase = ''
        patchShebangs ./tool
        substituteInPlace repos/base/etc/tools.conf \
--- a/packages/genodelabs/label-fail.patch
+++ b/packages/genodelabs/label-fail.patch
@ -0,0 +1,100 @@
+From 8e68369f31cc6d5bb41a59aff984c4ddf882d7c0 Mon Sep 17 00:00:00 2001
+From: Emery Hemingway <ehmry@posteo.net>
+Date: Sat, 7 Nov 2020 11:23:03 +0100
+Subject: [PATCH] base: fail on label truncation
+
+---
+ repos/base/include/base/session_label.h | 27 ++++++++++++++++++++++---
+ repos/base/include/util/arg_string.h    |  6 ++++++
+ 2 files changed, 30 insertions(+), 3 deletions(-)
+
+diff --git a/repos/base/include/base/session_label.h b/repos/base/include/base/session_label.h
+index d5e752d120..85034904e5 100644
+--- a/repos/base/include/base/session_label.h
+++ b/repos/base/include/base/session_label.h
+@@ -16,10 +16,14 @@
+ #define _INCLUDE__BASE__SESSION_LABEL_H_
+ 
+ #include <base/snprintf.h>
+#include <base/log.h>
+ #include <util/arg_string.h>
+ #include <util/string.h>
+ 
+-namespace Genode { struct Session_label; }
+namespace Genode {
+	struct Session_label;
+	class Label_overflow : Exception { };
+}
+ 
+ struct Genode::Session_label : String<160>
+ {
+@@ -33,6 +37,8 @@ struct Genode::Session_label : String<160>
+ 		using String = String<capacity()>;
+ 		using String::String;
+ 
+		/* TODO: String::String can still truncate and break labels */
+
+ 		/**
+ 		 * Copy constructor
+ 		 *
+@@ -41,7 +47,13 @@ struct Genode::Session_label : String<160>
+ 		 */
+ 		template <size_t N>
+ 		Session_label(Genode::String<N> const &other)
+-		: Genode::String<160>(other) { }
+		: Genode::String<160>(other)
+		{
+			if (length() < other.length()) {
+				error(__func__, " overflow - «", other, "»");
+				throw Label_overflow();
+			}
+		}
+ 
+ 		Session_label last_element() const
+ 		{
+@@ -90,8 +102,13 @@ namespace Genode {
+ 	inline Session_label label_from_args(char const *args)
+ 	{
+ 		char buf[Session_label::capacity()];
+-		Arg_string::find_arg(args, "label").string(buf, sizeof(buf), "");
+		auto arg = Arg_string::find_arg(args, "label");
+		if (Session_label::capacity() <= arg.length()) {
+			error(__func__, " overflow - «", (char const *)args, "»");
+			throw Label_overflow();
+		}
+ 
+		arg.string(buf, sizeof(buf), "");
+ 		return Session_label(Cstring(buf));
+ 	}
+ 
+@@ -103,6 +120,10 @@ namespace Genode {
+ 	                                    String<N2> const &label)
+ 	{
+ 		String<N1 + N2 + 4> const prefixed_label(prefix, " -> ", label);
+		if (Session_label::capacity() <= prefixed_label.length()) {
+			error(__func__, " overflow - «", prefix, "» - «", label, "»");
+			throw Label_overflow();
+		}
+ 		return Session_label(prefixed_label);
+ 	}
+ }
+diff --git a/repos/base/include/util/arg_string.h b/repos/base/include/util/arg_string.h
+index 610fbb16b3..48777e0c2a 100644
+--- a/repos/base/include/util/arg_string.h
+++ b/repos/base/include/util/arg_string.h
+@@ -114,6 +114,12 @@ class Genode::Arg
+ 
+ 		inline bool valid() const { return _key; }
+ 
+		size_t length() const
+		{
+			return _value.type() == Token::STRING
+				? _value.len() - 2 : _value.len();
+		}
+
+ 		unsigned long ulong_value(unsigned long default_value) const
+ 		{
+ 			unsigned long value = 0;
+-- 
+2.28.0
+