This is an archive of the discontinued LLVM Phabricator instance.

Implement getpeername(2) interceptor
AbandonedPublic

Authored by krytarowski on Nov 3 2018, 1:53 PM.

Download Raw Diff

Details

Reviewers

vitalybuka
joerg

Summary

The previous version was incomplete.

This fixes issues detected on NetBSD.

Diff Detail

Repository: rL LLVM

Event Timeline

krytarowski created this revision.Nov 3 2018, 1:53 PM

Herald added subscribers: llvm-commits, kubamracek. · View Herald TranscriptNov 3 2018, 1:53 PM

ping

Could you please fix TEST_P(MemorySanitizerIpTest, accept) so that old version fail on poisoned addrlen?

lib/sanitizer_common/sanitizer_common_interceptors.inc
3084	Why this and previous versions need temp taddrlen?
3090	should we if (addr) COMMON_INTERCEPTOR_READ_RANGE(ctx, addrlen, sizeof(*addrlen)); before calling REAL

vitalybuka added inline comments.Nov 7 2018, 12:11 PM

lib/sanitizer_common/sanitizer_common_interceptors.inc
3090	if (addr && addrlen) COMMON_INTERCEPTOR_READ_RANGE(ctx, addrlen, sizeof(*addrlen));

krytarowski added inline comments.Nov 7 2018, 1:21 PM

lib/sanitizer_common/sanitizer_common_interceptors.inc
3084	In order to handle corner cases when addr / addrlen is passed 0.

vitalybuka added inline comments.Nov 7 2018, 2:22 PM

lib/sanitizer_common/sanitizer_common_interceptors.inc
3084	Oh, previous code used addr_sz just to store old value to do MIN(). Now behavior is very different. Also it's not clear from man, but addrlen must be != null, or it fail or crash.
3089	Looks like you are trying to fix https://github.com/google/sanitizers/issues/321, but description does not cover it. so what if sizeoff(__sanitizer_sockaddr_storage) < *addrlen

vitalybuka added inline comments.Nov 7 2018, 4:33 PM

lib/sanitizer_common/sanitizer_common_interceptors.inc
3089	maybe you should just ignore 321 for now as it's more general issue, keep FIXME and remove temps. so you can make it complete by adding "READ_RANGE(ctx, addrlen" and "WRITE_RANGE(ctx, addrlen"
3093	if (addrlen) { COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addrlen, sizeof(addrlen)); if (addr) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addr, addrlen); }

vitalybuka requested changes to this revision.Nov 19 2018, 1:26 PM

This revision now requires changes to proceed.Nov 19 2018, 1:26 PM

I'm confused with this one... unless someone will fix it earlier (maybe taking inspiration from this diff) - it's rescheduled for future on my side.

Revision Contents

Path

Size

lib/

sanitizer_common/

sanitizer_common_interceptors.inc

29 lines

Diff 172502

lib/sanitizer_common/sanitizer_common_interceptors.inc

Context not available.
	#endif	#endif

	#if SANITIZER_INTERCEPT_GETPEERNAME	#if SANITIZER_INTERCEPT_GETPEERNAME
	INTERCEPTOR(int, getpeername, int sockfd, void addr, unsigned addrlen) {	INTERCEPTOR(int, getpeername, int sockfd, void *addr,
		__sanitizer_socklen_t *addrlen) {
	void *ctx;	void *ctx;
	COMMON_INTERCEPTOR_ENTER(ctx, getpeername, sockfd, addr, addrlen);	COMMON_INTERCEPTOR_ENTER(ctx, getpeername, sockfd, addr, addrlen);
	unsigned addr_sz;	__sanitizer_socklen_t taddrlen;
		vitalybukaUnsubmitted Not Done Reply Inline Actions Why this and previous versions need temp taddrlen? vitalybuka: Why this and previous versions need temp taddrlen?
		krytarowskiAuthorUnsubmitted Not Done Reply Inline Actions In order to handle corner cases when addr / addrlen is passed 0. krytarowski: In order to handle corner cases when addr / addrlen is passed 0.
		vitalybukaUnsubmitted Not Done Reply Inline Actions Oh, previous code used addr_sz just to store old value to do MIN(). Now behavior is very different. Also it's not clear from man, but addrlen must be != null, or it fail or crash. vitalybuka: Oh, previous code used addr_sz just to store old value to do MIN(). Now behavior is very…
	if (addrlen) addr_sz = *addrlen;	if (addrlen)
	// FIXME: under ASan the call below may write to freed memory and corrupt	taddrlen = *addrlen;
	// its metadata. See	else
	// https://github.com/google/sanitizers/issues/321.	taddrlen = 0;
	int res = REAL(getpeername)(sockfd, addr, addrlen);	__sanitizer_sockaddr_storage taddr;
		vitalybukaUnsubmitted Not Done Reply Inline Actions Looks like you are trying to fix https://github.com/google/sanitizers/issues/321, but description does not cover it. so what if sizeoff(__sanitizer_sockaddr_storage) < addrlen vitalybuka:* Looks like you are trying to fix https://github.com/google/sanitizers/issues/321, but…
		vitalybukaUnsubmitted Not Done Reply Inline Actions maybe you should just ignore 321 for now as it's more general issue, keep FIXME and remove temps. so you can make it complete by adding "READ_RANGE(ctx, addrlen" and "WRITE_RANGE(ctx, addrlen" vitalybuka: maybe you should just ignore 321 for now as it's more general issue, keep FIXME and remove…
	if (!res && addr && addrlen)	int res = REAL(getpeername)(sockfd, addr ? &taddr : 0,
		vitalybukaUnsubmitted Not Done Reply Inline Actions should we if (addr) COMMON_INTERCEPTOR_READ_RANGE(ctx, addrlen, sizeof(addrlen)); before calling REAL vitalybuka:* should we ``` if (addr) COMMON_INTERCEPTOR_READ_RANGE(ctx, addrlen, sizeof(*addrlen)); ```…
		vitalybukaUnsubmitted Not Done Reply Inline Actions if (addr && addrlen) COMMON_INTERCEPTOR_READ_RANGE(ctx, addrlen, sizeof(addrlen)); vitalybuka:* ``` if (addr && addrlen) COMMON_INTERCEPTOR_READ_RANGE(ctx, addrlen, sizeof(*addrlen)); ```
	COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addr, Min(addr_sz, *addrlen));	addrlen ? &taddrlen : 0);
		if (!res) {
		if (addr && addrlen)
		vitalybukaUnsubmitted Not Done Reply Inline Actions if (addrlen) { COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addrlen, sizeof(addrlen)); if (addr) COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addr, addrlen); } vitalybuka: ``` if (addrlen) { COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addrlen, sizeof(*addrlen))…
		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addr, taddrlen);
		if (addrlen)
		COMMON_INTERCEPTOR_WRITE_RANGE(ctx, addrlen, sizeof(*addrlen));
		}
		if (addr && addrlen)
		memcpy(addr, &taddr, taddrlen);
		if (addrlen)
		*addrlen = taddrlen;
	return res;	return res;
	}	}
	#define INIT_GETPEERNAME COMMON_INTERCEPT_FUNCTION(getpeername);	#define INIT_GETPEERNAME COMMON_INTERCEPT_FUNCTION(getpeername);
Context not available.