Patch: Detect destroyed argument buffers at Env::session

This commit is contained in:
Emery Hemingway 2021-02-10 14:20:02 +01:00
parent 4c73e12974
commit 18e59cd590
1 changed files with 33 additions and 3 deletions

View File

@ -1,7 +1,7 @@
From 8e68369f31cc6d5bb41a59aff984c4ddf882d7c0 Mon Sep 17 00:00:00 2001
From 4250346b87b8e24a48d04ddacc77512eaa20ce0e Mon Sep 17 00:00:00 2001
From: Emery Hemingway <ehmry@posteo.net>
Date: Sat, 7 Nov 2020 11:23:03 +0100
Subject: [PATCH] base: fail on label truncation
Subject: [PATCH 1/2] base: fail on label truncation
---
repos/base/include/base/session_label.h | 27 ++++++++++++++++++++++---
@ -96,5 +96,35 @@ index 610fbb16b3..48777e0c2a 100644
{
unsigned long value = 0;
--
2.28.0
2.30.0
From 252c08cf61ad7feef83bd2e542465330633ba41f Mon Sep 17 00:00:00 2001
From: Emery Hemingway <ehmry@posteo.net>
Date: Wed, 10 Feb 2021 13:32:42 +0100
Subject: [PATCH 2/2] Detect destroyed argument buffers at Env::session
Session request arguments are silently zeroed when their length
exceedes some buffer size.
---
repos/base/src/lib/base/component.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/repos/base/src/lib/base/component.cc b/repos/base/src/lib/base/component.cc
index 568be31efb..913687ea7f 100644
--- a/repos/base/src/lib/base/component.cc
+++ b/repos/base/src/lib/base/component.cc
@@ -122,6 +122,10 @@ namespace {
Affinity const &affinity) override
{
Mutex::Guard guard(_mutex);
+ if (!args.valid_string()) {
+ error("invalid args for ", name.string(), " service request");
+ throw Service_denied();
+ }
/*
* Since we account for the backing store for session meta data on
--
2.30.0