2
0
Fork 0

genodeSources: patch to detect session_label failures

Throw an exception if destructive truncation is detected in Session_label.
llvm-11
Emery Hemingway 2 years ago
parent 19ab414671
commit a1f9effb3c
  1. 2
      packages/genodelabs/default.nix
  2. 100
      packages/genodelabs/label-fail.patch

@ -30,7 +30,7 @@ let
version = upstreamSources.lastModifiedDate;
src = upstreamSources;
nativeBuildInputs = [ expect gnumake tcl ];
patches = [ ./binary-labels.patch ];
patches = [ ./binary-labels.patch ./label-fail.patch ];
configurePhase = ''
patchShebangs ./tool
substituteInPlace repos/base/etc/tools.conf \

@ -0,0 +1,100 @@
From 8e68369f31cc6d5bb41a59aff984c4ddf882d7c0 Mon Sep 17 00:00:00 2001
From: Emery Hemingway <ehmry@posteo.net>
Date: Sat, 7 Nov 2020 11:23:03 +0100
Subject: [PATCH] base: fail on label truncation
---
repos/base/include/base/session_label.h | 27 ++++++++++++++++++++++---
repos/base/include/util/arg_string.h | 6 ++++++
2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/repos/base/include/base/session_label.h b/repos/base/include/base/session_label.h
index d5e752d120..85034904e5 100644
--- a/repos/base/include/base/session_label.h
+++ b/repos/base/include/base/session_label.h
@@ -16,10 +16,14 @@
#define _INCLUDE__BASE__SESSION_LABEL_H_
#include <base/snprintf.h>
+#include <base/log.h>
#include <util/arg_string.h>
#include <util/string.h>
-namespace Genode { struct Session_label; }
+namespace Genode {
+ struct Session_label;
+ class Label_overflow : Exception { };
+}
struct Genode::Session_label : String<160>
{
@@ -33,6 +37,8 @@ struct Genode::Session_label : String<160>
using String = String<capacity()>;
using String::String;
+ /* TODO: String::String can still truncate and break labels */
+
/**
* Copy constructor
*
@@ -41,7 +47,13 @@ struct Genode::Session_label : String<160>
*/
template <size_t N>
Session_label(Genode::String<N> const &other)
- : Genode::String<160>(other) { }
+ : Genode::String<160>(other)
+ {
+ if (length() < other.length()) {
+ error(__func__, " overflow - «", other, "»");
+ throw Label_overflow();
+ }
+ }
Session_label last_element() const
{
@@ -90,8 +102,13 @@ namespace Genode {
inline Session_label label_from_args(char const *args)
{
char buf[Session_label::capacity()];
- Arg_string::find_arg(args, "label").string(buf, sizeof(buf), "");
+ auto arg = Arg_string::find_arg(args, "label");
+ if (Session_label::capacity() <= arg.length()) {
+ error(__func__, " overflow - «", (char const *)args, "»");
+ throw Label_overflow();
+ }
+ arg.string(buf, sizeof(buf), "");
return Session_label(Cstring(buf));
}
@@ -103,6 +120,10 @@ namespace Genode {
String<N2> const &label)
{
String<N1 + N2 + 4> const prefixed_label(prefix, " -> ", label);
+ if (Session_label::capacity() <= prefixed_label.length()) {
+ error(__func__, " overflow - «", prefix, "» - «", label, "»");
+ throw Label_overflow();
+ }
return Session_label(prefixed_label);
}
}
diff --git a/repos/base/include/util/arg_string.h b/repos/base/include/util/arg_string.h
index 610fbb16b3..48777e0c2a 100644
--- a/repos/base/include/util/arg_string.h
+++ b/repos/base/include/util/arg_string.h
@@ -114,6 +114,12 @@ class Genode::Arg
inline bool valid() const { return _key; }
+ size_t length() const
+ {
+ return _value.type() == Token::STRING
+ ? _value.len() - 2 : _value.len();
+ }
+
unsigned long ulong_value(unsigned long default_value) const
{
unsigned long value = 0;
--
2.28.0
Loading…
Cancel
Save