This is an archive of the discontinued LLVM Phabricator instance.

Differential D149403

[sanitizer] Remove crypt and crypt_r interceptors
ClosedPublic

Authored by MaskRay on Apr 27 2023, 8:15 PM.

Details

Reviewers
eugenis
fweimer
thesamesam
vitalybuka
Group Reviewers
Restricted Project
Commits
rGd7bead833631: [sanitizer] Remove crypt and crypt_r interceptors
Summary

From Florian Weimer's D144073

On GNU/Linux (glibc), the crypt and crypt_r functions are not part of the main shared object (libc.so.6), but libcrypt (with multiple possible sonames). The sanitizer libraries do not depend on libcrypt, so it can happen that during sanitizer library initialization, no real implementation will be found because the crypt, crypt_r functions are not present in the process image (yet). If its interceptors are called nevertheless, this results in a call through a null pointer when the sanitizer library attempts to forward the call to the real implementation.

Many distributions have already switched to libxcrypt, a library that is separate from glibc and that can be build with sanitizers directly (avoiding the need for interceptors). This patch disables building the interceptor for glibc targets.

Let's remove crypt and crypt_r interceptors (D68431) to fix issues with
newer glibc.

For older glibc, msan will not know that an uninstrumented crypt_r call
initializes data, so there is a risk for false positives. However, with some
codebase survey, I think crypt_r uses are very few and the call sites typically
have a memset(&data, 0, sizeof(data)); anyway.

Fix https://github.com/google/sanitizers/issues/1365
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2169432

Diff Detail

Event Timeline

MaskRay created this revision.Apr 27 2023, 8:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 27 2023, 8:15 PM
Herald added a subscriber: Enna1. · View Herald Transcript
MaskRay requested review of this revision.Apr 27 2023, 8:15 PM
Herald added a project: Restricted Project. · View Herald TranscriptApr 27 2023, 8:15 PM
MaskRay updated this revision to Diff 517780.Apr 27 2023, 8:17 PM

remove Posix/crypt.cpp

thesamesam added a comment.Apr 27 2023, 8:24 PM

This loses us coverage on musl and other libcs, unfortunately. musl will be keeping crypt indefinitely, although it does "support" overriding/interposition as well w/ libxcrypt (even if it's somewhat discouraged). But I'm also not sure how we can actually prevent that, so right now, sanitizing crypt at all is dangerous (c.f. the bugs @fweimer shared).

I agree it's cleaner to drop it entirely, the crypt situation is special.

thesamesam accepted this revision.Apr 27 2023, 8:24 PM
This revision is now accepted and ready to land.Apr 27 2023, 8:24 PM
fweimer accepted this revision.Apr 27 2023, 10:17 PM
vitalybuka accepted this revision.Apr 27 2023, 10:19 PM
This revision was landed with ongoing or failed builds.Apr 28 2023, 9:59 AM
Closed by commit rGd7bead833631: [sanitizer] Remove crypt and crypt_r interceptors (authored by MaskRay). · Explain Why
This revision was automatically updated to reflect the committed changes.
MaskRay added a commit: rGd7bead833631: [sanitizer] Remove crypt and crypt_r interceptors.

Revision Contents

PathSize
compiler-rt/
lib/
sanitizer_common/
37 lines
2 lines
1 line
8 lines
test/
sanitizer_common/
TestCases/
Linux/
Posix/

Diff 517971

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 10,080 Lines▼ Show 20 LinesINTERCEPTOR(SSIZE_T, getrandom, void *buf, SIZE_T buflen, unsigned int flags) {
} }
return n; return n;
} }
#define INIT_GETRANDOM COMMON_INTERCEPT_FUNCTION(getrandom) #define INIT_GETRANDOM COMMON_INTERCEPT_FUNCTION(getrandom)
#else #else
#define INIT_GETRANDOM #define INIT_GETRANDOM
#endif #endif
#if SANITIZER_INTERCEPT_CRYPT
INTERCEPTOR(char *, crypt, char *key, char *salt) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, crypt, key, salt);
COMMON_INTERCEPTOR_READ_RANGE(ctx, key, internal_strlen(key) + 1);
COMMON_INTERCEPTOR_READ_RANGE(ctx, salt, internal_strlen(salt) + 1);
char *res = REAL(crypt)(key, salt);
if (res != nullptr)
COMMON_INTERCEPTOR_INITIALIZE_RANGE(res, internal_strlen(res) + 1);
return res;
}
#define INIT_CRYPT COMMON_INTERCEPT_FUNCTION(crypt);
#else
#define INIT_CRYPT
#endif
#if SANITIZER_INTERCEPT_CRYPT_R
INTERCEPTOR(char *, crypt_r, char *key, char *salt, void *data) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, crypt_r, key, salt, data);
COMMON_INTERCEPTOR_READ_RANGE(ctx, key, internal_strlen(key) + 1);
COMMON_INTERCEPTOR_READ_RANGE(ctx, salt, internal_strlen(salt) + 1);
char *res = REAL(crypt_r)(key, salt, data);
if (res != nullptr) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, data,
__sanitizer::struct_crypt_data_sz);
COMMON_INTERCEPTOR_INITIALIZE_RANGE(res, internal_strlen(res) + 1);
}
return res;
}
#define INIT_CRYPT_R COMMON_INTERCEPT_FUNCTION(crypt_r);
#else
#define INIT_CRYPT_R
#endif
#if SANITIZER_INTERCEPT_GETENTROPY #if SANITIZER_INTERCEPT_GETENTROPY
INTERCEPTOR(int, getentropy, void *buf, SIZE_T buflen) { INTERCEPTOR(int, getentropy, void *buf, SIZE_T buflen) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, getentropy, buf, buflen); COMMON_INTERCEPTOR_ENTER(ctx, getentropy, buf, buflen);
int r = REAL(getentropy)(buf, buflen); int r = REAL(getentropy)(buf, buflen);
if (r == 0) { if (r == 0) {
COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, buflen); COMMON_INTERCEPTOR_WRITE_RANGE(ctx, buf, buflen);
} }
▲ Show 20 LinesShow All 561 Lines▼ Show 20 Lines#endif
INIT_POPENVE; INIT_POPENVE;
INIT_PCLOSE; INIT_PCLOSE;
INIT_FUNOPEN; INIT_FUNOPEN;
INIT_FUNOPEN2; INIT_FUNOPEN2;
INIT_FDEVNAME; INIT_FDEVNAME;
INIT_GETUSERSHELL; INIT_GETUSERSHELL;
INIT_SL_INIT; INIT_SL_INIT;
INIT_GETRANDOM; INIT_GETRANDOM;
INIT_CRYPT;
INIT_CRYPT_R;
INIT_GETENTROPY; INIT_GETENTROPY;
INIT_QSORT; INIT_QSORT;
INIT_QSORT_R; INIT_QSORT_R;
INIT_BSEARCH; INIT_BSEARCH;
INIT_SIGALTSTACK; INIT_SIGALTSTACK;
INIT_PROCCTL INIT_PROCCTL
INIT_UNAME; INIT_UNAME;
INIT___XUNAME; INIT___XUNAME;
INIT_HEXDUMP; INIT_HEXDUMP;
INIT_ARGP_PARSE; INIT_ARGP_PARSE;
INIT___PRINTF_CHK; INIT___PRINTF_CHK;
} }

compiler-rt/lib/sanitizer_common/sanitizer_platform_interceptors.h

Show First 20 LinesShow All 563 Lines▼ Show 20 Lines
#define SANITIZER_INTERCEPT_PCLOSE SI_POSIX #define SANITIZER_INTERCEPT_PCLOSE SI_POSIX
#define SANITIZER_INTERCEPT_FUNOPEN (SI_NETBSD || SI_FREEBSD) #define SANITIZER_INTERCEPT_FUNOPEN (SI_NETBSD || SI_FREEBSD)
#define SANITIZER_INTERCEPT_FUNOPEN2 SI_NETBSD #define SANITIZER_INTERCEPT_FUNOPEN2 SI_NETBSD
#define SANITIZER_INTERCEPT_GETFSENT (SI_FREEBSD || SI_NETBSD || SI_MAC) #define SANITIZER_INTERCEPT_GETFSENT (SI_FREEBSD || SI_NETBSD || SI_MAC)
#define SANITIZER_INTERCEPT_ARC4RANDOM (SI_FREEBSD || SI_NETBSD || SI_MAC) #define SANITIZER_INTERCEPT_ARC4RANDOM (SI_FREEBSD || SI_NETBSD || SI_MAC)
#define SANITIZER_INTERCEPT_FDEVNAME SI_FREEBSD #define SANITIZER_INTERCEPT_FDEVNAME SI_FREEBSD
#define SANITIZER_INTERCEPT_GETUSERSHELL (SI_POSIX && !SI_ANDROID) #define SANITIZER_INTERCEPT_GETUSERSHELL (SI_POSIX && !SI_ANDROID)
#define SANITIZER_INTERCEPT_SL_INIT (SI_FREEBSD || SI_NETBSD) #define SANITIZER_INTERCEPT_SL_INIT (SI_FREEBSD || SI_NETBSD)
#define SANITIZER_INTERCEPT_CRYPT (SI_POSIX && !SI_ANDROID)
#define SANITIZER_INTERCEPT_CRYPT_R (SI_LINUX && !SI_ANDROID)
#define SANITIZER_INTERCEPT_GETRANDOM \ #define SANITIZER_INTERCEPT_GETRANDOM \
((SI_LINUX && __GLIBC_PREREQ(2, 25)) || SI_FREEBSD) ((SI_LINUX && __GLIBC_PREREQ(2, 25)) || SI_FREEBSD)
#define SANITIZER_INTERCEPT___CXA_ATEXIT SI_NETBSD #define SANITIZER_INTERCEPT___CXA_ATEXIT SI_NETBSD
#define SANITIZER_INTERCEPT_ATEXIT SI_NETBSD #define SANITIZER_INTERCEPT_ATEXIT SI_NETBSD
#define SANITIZER_INTERCEPT_PTHREAD_ATFORK SI_NETBSD #define SANITIZER_INTERCEPT_PTHREAD_ATFORK SI_NETBSD
#define SANITIZER_INTERCEPT_GETENTROPY SI_FREEBSD #define SANITIZER_INTERCEPT_GETENTROPY SI_FREEBSD
#define SANITIZER_INTERCEPT_QSORT \ #define SANITIZER_INTERCEPT_QSORT \
Show All 37 Lines

compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.h

Show First 20 LinesShow All 303 Lines▼ Show 20 Lines
}; };
#endif #endif
#if SANITIZER_LINUX && !SANITIZER_ANDROID #if SANITIZER_LINUX && !SANITIZER_ANDROID
extern unsigned struct_msqid_ds_sz; extern unsigned struct_msqid_ds_sz;
extern unsigned struct_mq_attr_sz; extern unsigned struct_mq_attr_sz;
extern unsigned struct_timex_sz; extern unsigned struct_timex_sz;
extern unsigned struct_statvfs_sz; extern unsigned struct_statvfs_sz;
extern unsigned struct_crypt_data_sz;
#endif // SANITIZER_LINUX && !SANITIZER_ANDROID #endif // SANITIZER_LINUX && !SANITIZER_ANDROID
struct __sanitizer_iovec { struct __sanitizer_iovec {
void *iov_base; void *iov_base;
uptr iov_len; uptr iov_len;
}; };
#if !SANITIZER_ANDROID #if !SANITIZER_ANDROID
▲ Show 20 LinesShow All 1,185 LinesShow Last 20 Lines

compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cpp

Show First 20 LinesShow All 171 Lines▼ Show 20 Lines
#endif #endif
// Include these after system headers to avoid name clashes and ambiguities. // Include these after system headers to avoid name clashes and ambiguities.
# include "sanitizer_common.h" # include "sanitizer_common.h"
# include "sanitizer_internal_defs.h" # include "sanitizer_internal_defs.h"
# include "sanitizer_platform_interceptors.h" # include "sanitizer_platform_interceptors.h"
# include "sanitizer_platform_limits_posix.h" # include "sanitizer_platform_limits_posix.h"
#if SANITIZER_INTERCEPT_CRYPT_R
#include <crypt.h>
#endif
namespace __sanitizer { namespace __sanitizer {
unsigned struct_utsname_sz = sizeof(struct utsname); unsigned struct_utsname_sz = sizeof(struct utsname);
unsigned struct_stat_sz = sizeof(struct stat); unsigned struct_stat_sz = sizeof(struct stat);
#if SANITIZER_HAS_STAT64 #if SANITIZER_HAS_STAT64
unsigned struct_stat64_sz = sizeof(struct stat64); unsigned struct_stat64_sz = sizeof(struct stat64);
#endif // SANITIZER_HAS_STAT64 #endif // SANITIZER_HAS_STAT64
unsigned struct_rusage_sz = sizeof(struct rusage); unsigned struct_rusage_sz = sizeof(struct rusage);
unsigned struct_tm_sz = sizeof(struct tm); unsigned struct_tm_sz = sizeof(struct tm);
▲ Show 20 LinesShow All 103 Lines▼ Show 20 Lines
# else # else
# error Unknown size of struct ustat # error Unknown size of struct ustat
# endif # endif
unsigned struct_ustat_sz = SIZEOF_STRUCT_USTAT; unsigned struct_ustat_sz = SIZEOF_STRUCT_USTAT;
unsigned struct_rlimit64_sz = sizeof(struct rlimit64); unsigned struct_rlimit64_sz = sizeof(struct rlimit64);
unsigned struct_statvfs64_sz = sizeof(struct statvfs64); unsigned struct_statvfs64_sz = sizeof(struct statvfs64);
#endif // SANITIZER_GLIBC #endif // SANITIZER_GLIBC
#if SANITIZER_INTERCEPT_CRYPT_R
unsigned struct_crypt_data_sz = sizeof(struct crypt_data);
#endif
#if SANITIZER_LINUX && !SANITIZER_ANDROID #if SANITIZER_LINUX && !SANITIZER_ANDROID
unsigned struct_timex_sz = sizeof(struct timex); unsigned struct_timex_sz = sizeof(struct timex);
unsigned struct_msqid_ds_sz = sizeof(struct msqid_ds); unsigned struct_msqid_ds_sz = sizeof(struct msqid_ds);
unsigned struct_mq_attr_sz = sizeof(struct mq_attr); unsigned struct_mq_attr_sz = sizeof(struct mq_attr);
unsigned struct_statvfs_sz = sizeof(struct statvfs); unsigned struct_statvfs_sz = sizeof(struct statvfs);
#endif // SANITIZER_LINUX && !SANITIZER_ANDROID #endif // SANITIZER_LINUX && !SANITIZER_ANDROID
const uptr sig_ign = (uptr)SIG_IGN; const uptr sig_ign = (uptr)SIG_IGN;
▲ Show 20 LinesShow All 1,048 LinesShow Last 20 Lines

compiler-rt/test/sanitizer_common/TestCases/Linux/crypt_r.cpp

  • This file was deleted.
// RUN: %clangxx -O0 -g %s -lcrypt -o %t && %run %t
// crypt.h is missing from Android.
// UNSUPPORTED: android
#include <assert.h>
#include <unistd.h>
#include <cstring>
#include <crypt.h>
int main(int argc, char **argv) {
{
crypt_data cd;
cd.initialized = 0;
char *p = crypt_r("abcdef", "xz", &cd);
volatile size_t z = strlen(p);
}
{
crypt_data cd;
cd.initialized = 0;
char *p = crypt_r("abcdef", "$1$", &cd);
volatile size_t z = strlen(p);
}
{
crypt_data cd;
cd.initialized = 0;
char *p = crypt_r("abcdef", "$5$", &cd);
volatile size_t z = strlen(p);
}
{
crypt_data cd;
cd.initialized = 0;
char *p = crypt_r("abcdef", "$6$", &cd);
volatile size_t z = strlen(p);
}
}

compiler-rt/test/sanitizer_common/TestCases/Posix/crypt.cpp

  • This file was deleted.
// RUN: %clangxx -O0 -g %s -o %t -lcrypt && %run %t
// crypt() is missing from Android and -lcrypt from darwin.
// UNSUPPORTED: android, darwin
#include <assert.h>
#include <unistd.h>
#include <cstring>
#if __has_include(<crypt.h>)
#include <crypt.h>
#endif
int
main (int argc, char** argv)
{
{
char *p = crypt("abcdef", "xz");
volatile size_t z = strlen(p);
}
{
char *p = crypt("abcdef", "$1$");
volatile size_t z = strlen(p);
}
{
char *p = crypt("abcdef", "$5$");
volatile size_t z = strlen(p);
}
{
char *p = crypt("abcdef", "$6$");
volatile size_t z = strlen(p);
}
}
compiler-rt/lib/sanitizer_common/sanitizer_platform_limits_posix.cpp