This is an archive of the discontinued LLVM Phabricator instance.

Differential D99109

[dfsan] Add Origin ABI Wrappers
ClosedPublic

Authored by stephan.yichao.zhao on Mar 22 2021, 2:15 PM.

Details

Reviewers
gbalats
Summary

Supported strrchr, strrstr, strto*, recvmmsg, recrmsg, nanosleep,
memchr, snprintf, socketpair, sprintf, getocketname, getsocketopt,
gettimeofday, getpeername.

strcpy was added because the test of sprintf need it. It will be
committed by D98966. Please ignore it when reviewing.

This is a part of https://reviews.llvm.org/D95835.

Diff Detail

Unit TestsFailed

TimeTest
13,810 msx64 debian > DataFlowSanitizer-x86_64.DataFlowSanitizer-x86_64::custom.cpp

Event Timeline

stephan.yichao.zhao requested review of this revision.Mar 22 2021, 2:15 PM
stephan.yichao.zhao created this revision.
Herald added a project: Restricted Project. · View Herald TranscriptMar 22 2021, 2:15 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
Harbormaster completed remote builds in B95086: Diff 332422.Mar 22 2021, 3:18 PM
gbalats added inline comments.Mar 22 2021, 4:25 PM
compiler-rt/lib/dfsan/dfsan_custom.cpp
1052

I assume the invariant here that differentiates this from strtol is that tmp_endptr is never null, right?
I suggest we add an assertion to make this explicit (here and in the similar functions that follow).

1058

The "xl" is a little confusing. I suggest renaming to dfsan_strtolong_label. Same for dfsan_strtolong_origin.

1078

Why is base_origin preferred over the origin of nptr? Should this be the case if both are tainted?

1082

Should this be ret_origin instead, perhaps?

1117

lable -> label

1651

Why is this not calling __dfsw_strrchr like the above cases do? This way, it's duplicating it's code.

1695

Same here.

compiler-rt/test/dfsan/custom.cpp
1347–1353

The if and else block here are the same.

1385–1391

Same here.

1525–1528

Is this required?

stephan.yichao.zhao edited the summary of this revision. (Show Details)Mar 22 2021, 5:44 PM
stephan.yichao.zhao updated this revision to Diff 332487.Mar 22 2021, 5:44 PM
stephan.yichao.zhao marked 10 inline comments as done.
stephan.yichao.zhao retitled this revision from [dfsan] Add Origin ABI Wrappers to [dfsan] Add Origin ABI Wrappers.

update

compiler-rt/lib/dfsan/dfsan_custom.cpp
1052

Added assert(tmp_endptr) before each strto* call.

1078

When multiple sources are tainted, we pick one of its origins to propagate.
Because checking base_label does not need additional computation like dfsan_read_origin_of_first_taint, we use it rather than from data pointed by nptr.
Added comments.

1082

Thank you for catching this.
Actually we do not need to assign ret_origin when *ret_label=0 since we only need to track taint labels.
So I removed this branch.

1651

I think that was trying to reduce the number of times we call strlen since calculating origin needs strlen again.
But this happens only when strict_data_dependencies = false.
The flag is true by default, it may not be worth to 'optimize' this case by duplicating code.

Changed.

compiler-rt/test/dfsan/custom.cpp
1347–1353

removed one branch. Thank you.

Harbormaster completed remote builds in B95133: Diff 332487.Mar 22 2021, 6:10 PM
gbalats accepted this revision.Mar 23 2021, 5:49 PM
This revision is now accepted and ready to land.Mar 23 2021, 5:49 PM
Jianzhou Zhao <jianzhouzh@google.com> mentioned this in rG91516925ddab: [dfsan] Add Origin ABI Wrappers.Mar 24 2021, 9:14 AM
stephan.yichao.zhao closed this revision.Mar 24 2021, 9:15 AM

submitted by https://github.com/llvm/llvm-project/commit/91516925ddab3d364648aa5c94b6d29e47e56254

stephan.yichao.zhao mentioned this in D98966: [dfsan] Add Origin ABI Wrappers.Mar 24 2021, 10:00 AM

Revision Contents

PathSize
compiler-rt/
lib/
dfsan/
442 lines
test/
dfsan/
255 lines

Diff 332422

compiler-rt/lib/dfsan/dfsan_custom.cpp

Show First 20 LinesShow All 1,041 Lines▼ Show 20 Lineschar *__dfsw_strcpy(char *dest, const char *src, dfsan_label dst_label,
if (ret) { if (ret) {
internal_memcpy(shadow_for(dest), shadow_for(src), internal_memcpy(shadow_for(dest), shadow_for(src),
sizeof(dfsan_label) * (strlen(src) + 1)); sizeof(dfsan_label) * (strlen(src) + 1));
} }
*ret_label = dst_label; *ret_label = dst_label;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE static long int dfsan_strtol(const char *nptr, char **endptr, int base,
long int __dfsw_strtol(const char *nptr, char **endptr, int base, char **tmp_endptr) {
dfsan_label nptr_label, dfsan_label endptr_label, long int ret = strtol(nptr, tmp_endptr, base);
gbalatsUnsubmitted
Done
ReplyInline Actions
char **tmp_endptr) {
long int ret = strtol(nptr, tmp_endptr, base);
+ assert(tmp_endptr);
if (endptr)

I assume the invariant here that differentiates this from strtol is that tmp_endptr is never null, right?
I suggest we add an assertion to make this explicit (here and in the similar functions that follow).

gbalats: I assume the invariant here that differentiates this from `strtol` is that `tmp_endptr` is…
stephan.yichao.zhaoAuthorUnsubmitted
Done
ReplyInline Actions

Added assert(tmp_endptr) before each strto* call.

stephan.yichao.zhao: Added assert(tmp_endptr) before each strto* call.
dfsan_label base_label, dfsan_label *ret_label) { if (endptr)
char *tmp_endptr; *endptr = *tmp_endptr;
long int ret = strtol(nptr, &tmp_endptr, base); return ret;
if (endptr) {
*endptr = tmp_endptr;
} }
static void dfsan_strtoxl_label(const char *nptr, const char *tmp_endptr,
gbalatsUnsubmitted
Done
ReplyInline Actions

The "xl" is a little confusing. I suggest renaming to dfsan_strtolong_label. Same for dfsan_strtolong_origin.

gbalats: The "xl" is a little confusing. I suggest renaming to `dfsan_strtolong_label`. Same for…
dfsan_label base_label,
dfsan_label *ret_label) {
if (tmp_endptr > nptr) { if (tmp_endptr > nptr) {
// If *tmp_endptr is '\0' include its label as well. // If *tmp_endptr is '\0' include its label as well.
*ret_label = dfsan_union( *ret_label = dfsan_union(
base_label, base_label,
dfsan_read_label(nptr, tmp_endptr - nptr + (*tmp_endptr ? 0 : 1))); dfsan_read_label(nptr, tmp_endptr - nptr + (*tmp_endptr ? 0 : 1)));
} else { } else {
*ret_label = 0; *ret_label = 0;
} }
}
static void dfsan_strtoxl_origin(const char *nptr, const char *tmp_endptr,
dfsan_label base_label, dfsan_label *ret_label,
dfsan_origin base_origin,
dfsan_origin *ret_origin) {
if (tmp_endptr > nptr) {
// If *tmp_endptr is '\0' include its label as well.
*ret_origin = base_label
? base_origin
gbalatsUnsubmitted
Done
ReplyInline Actions

Why is base_origin preferred over the origin of nptr? Should this be the case if both are tainted?

gbalats: Why is `base_origin` preferred over the origin of `nptr`? Should this be the case if both are…
stephan.yichao.zhaoAuthorUnsubmitted
Done
ReplyInline Actions

When multiple sources are tainted, we pick one of its origins to propagate.
Because checking base_label does not need additional computation like dfsan_read_origin_of_first_taint, we use it rather than from data pointed by nptr.
Added comments.

stephan.yichao.zhao: When multiple sources are tainted, we pick one of its origins to propagate. Because checking…
: dfsan_read_origin_of_first_taint(
nptr, tmp_endptr - nptr + (*tmp_endptr ? 0 : 1));
} else {
*ret_label = 0;
gbalatsUnsubmitted
Done
ReplyInline Actions

Should this be ret_origin instead, perhaps?

gbalats: Should this be `ret_origin` instead, perhaps?
stephan.yichao.zhaoAuthorUnsubmitted
Done
ReplyInline Actions

Thank you for catching this.
Actually we do not need to assign ret_origin when *ret_label=0 since we only need to track taint labels.
So I removed this branch.

stephan.yichao.zhao: Thank you for catching this. Actually we do not need to assign ret_origin when *ret_label=0…
}
}
SANITIZER_INTERFACE_ATTRIBUTE
long int __dfsw_strtol(const char *nptr, char **endptr, int base,
dfsan_label nptr_label, dfsan_label endptr_label,
dfsan_label base_label, dfsan_label *ret_label) {
char *tmp_endptr;
long int ret = dfsan_strtol(nptr, endptr, base, &tmp_endptr);
dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
double __dfsw_strtod(const char *nptr, char **endptr, long int __dfso_strtol(const char *nptr, char **endptr, int base,
dfsan_label nptr_label, dfsan_label endptr_label, dfsan_label nptr_label, dfsan_label endptr_label,
dfsan_label *ret_label) { dfsan_label base_label, dfsan_label *ret_label,
dfsan_origin nptr_origin, dfsan_origin endptr_origin,
dfsan_origin base_origin, dfsan_origin *ret_origin) {
char *tmp_endptr; char *tmp_endptr;
double ret = strtod(nptr, &tmp_endptr); long int ret = dfsan_strtol(nptr, endptr, base, &tmp_endptr);
if (endptr) { dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
*endptr = tmp_endptr; dfsan_strtoxl_origin(nptr, tmp_endptr, base_label, ret_label, base_origin,
ret_origin);
return ret;
}
static double dfsan_strtod(const char *nptr, char **endptr, char **tmp_endptr) {
double ret = strtod(nptr, tmp_endptr);
if (endptr)
*endptr = *tmp_endptr;
return ret;
} }
static void dfsan_strtod_lable(const char *nptr, const char *tmp_endptr,
gbalatsUnsubmitted
Done
ReplyInline Actions

lable -> label

gbalats: lable -> label
dfsan_label *ret_label) {
if (tmp_endptr > nptr) { if (tmp_endptr > nptr) {
// If *tmp_endptr is '\0' include its label as well. // If *tmp_endptr is '\0' include its label as well.
*ret_label = dfsan_read_label( *ret_label = dfsan_read_label(
nptr, nptr,
tmp_endptr - nptr + (*tmp_endptr ? 0 : 1)); tmp_endptr - nptr + (*tmp_endptr ? 0 : 1));
} else { } else {
*ret_label = 0; *ret_label = 0;
} }
}
SANITIZER_INTERFACE_ATTRIBUTE
double __dfsw_strtod(const char *nptr, char **endptr, dfsan_label nptr_label,
dfsan_label endptr_label, dfsan_label *ret_label) {
char *tmp_endptr;
double ret = dfsan_strtod(nptr, endptr, &tmp_endptr);
dfsan_strtod_lable(nptr, tmp_endptr, ret_label);
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE
double __dfso_strtod(const char *nptr, char **endptr, dfsan_label nptr_label,
dfsan_label endptr_label, dfsan_label *ret_label,
dfsan_origin nptr_origin, dfsan_origin endptr_origin,
dfsan_origin *ret_origin) {
char *tmp_endptr;
double ret = dfsan_strtod(nptr, endptr, &tmp_endptr);
dfsan_strtod_lable(nptr, tmp_endptr, ret_label);
if (tmp_endptr > nptr) {
// If *tmp_endptr is '\0' include its label as well.
*ret_origin = dfsan_read_origin_of_first_taint(
nptr, tmp_endptr - nptr + (*tmp_endptr ? 0 : 1));
} else {
*ret_origin = 0;
}
return ret;
}
static long long int dfsan_strtoll(const char *nptr, char **endptr, int base,
char **tmp_endptr) {
long long int ret = strtoll(nptr, tmp_endptr, base);
if (endptr)
*endptr = *tmp_endptr;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
long long int __dfsw_strtoll(const char *nptr, char **endptr, int base, long long int __dfsw_strtoll(const char *nptr, char **endptr, int base,
dfsan_label nptr_label, dfsan_label endptr_label, dfsan_label nptr_label, dfsan_label endptr_label,
dfsan_label base_label, dfsan_label *ret_label) { dfsan_label base_label, dfsan_label *ret_label) {
char *tmp_endptr; char *tmp_endptr;
long long int ret = strtoll(nptr, &tmp_endptr, base); long long int ret = dfsan_strtoll(nptr, endptr, base, &tmp_endptr);
if (endptr) { dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
*endptr = tmp_endptr; return ret;
} }
if (tmp_endptr > nptr) {
// If *tmp_endptr is '\0' include its label as well. SANITIZER_INTERFACE_ATTRIBUTE
*ret_label = dfsan_union( long long int __dfso_strtoll(const char *nptr, char **endptr, int base,
base_label, dfsan_label nptr_label, dfsan_label endptr_label,
dfsan_read_label(nptr, tmp_endptr - nptr + (*tmp_endptr ? 0 : 1))); dfsan_label base_label, dfsan_label *ret_label,
} else { dfsan_origin nptr_origin,
*ret_label = 0; dfsan_origin endptr_origin,
dfsan_origin base_origin,
dfsan_origin *ret_origin) {
char *tmp_endptr;
long long int ret = dfsan_strtoll(nptr, endptr, base, &tmp_endptr);
dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
dfsan_strtoxl_origin(nptr, tmp_endptr, base_label, ret_label, base_origin,
ret_origin);
return ret;
} }
static unsigned long int dfsan_strtoul(const char *nptr, char **endptr,
int base, char **tmp_endptr) {
unsigned long int ret = strtoul(nptr, tmp_endptr, base);
if (endptr)
*endptr = *tmp_endptr;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
unsigned long int __dfsw_strtoul(const char *nptr, char **endptr, int base, unsigned long int __dfsw_strtoul(const char *nptr, char **endptr, int base,
dfsan_label nptr_label, dfsan_label endptr_label, dfsan_label nptr_label, dfsan_label endptr_label,
dfsan_label base_label, dfsan_label *ret_label) { dfsan_label base_label, dfsan_label *ret_label) {
char *tmp_endptr; char *tmp_endptr;
unsigned long int ret = strtoul(nptr, &tmp_endptr, base); unsigned long int ret = dfsan_strtoul(nptr, endptr, base, &tmp_endptr);
if (endptr) { dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
*endptr = tmp_endptr; return ret;
} }
if (tmp_endptr > nptr) {
// If *tmp_endptr is '\0' include its label as well. SANITIZER_INTERFACE_ATTRIBUTE
*ret_label = dfsan_union( unsigned long int __dfso_strtoul(
base_label, const char *nptr, char **endptr, int base, dfsan_label nptr_label,
dfsan_read_label(nptr, tmp_endptr - nptr + (*tmp_endptr ? 0 : 1))); dfsan_label endptr_label, dfsan_label base_label, dfsan_label *ret_label,
} else { dfsan_origin nptr_origin, dfsan_origin endptr_origin,
*ret_label = 0; dfsan_origin base_origin, dfsan_origin *ret_origin) {
char *tmp_endptr;
unsigned long int ret = dfsan_strtoul(nptr, endptr, base, &tmp_endptr);
dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
dfsan_strtoxl_origin(nptr, tmp_endptr, base_label, ret_label, base_origin,
ret_origin);
return ret;
} }
static long long unsigned int dfsan_strtoull(const char *nptr, char **endptr,
int base, char **tmp_endptr) {
long long unsigned int ret = strtoull(nptr, tmp_endptr, base);
if (endptr)
*endptr = *tmp_endptr;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
long long unsigned int __dfsw_strtoull(const char *nptr, char **endptr, long long unsigned int __dfsw_strtoull(const char *nptr, char **endptr,
int base, dfsan_label nptr_label, int base, dfsan_label nptr_label,
dfsan_label endptr_label, dfsan_label endptr_label,
dfsan_label base_label, dfsan_label base_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
char *tmp_endptr; char *tmp_endptr;
long long unsigned int ret = strtoull(nptr, &tmp_endptr, base); long long unsigned int ret = dfsan_strtoull(nptr, endptr, base, &tmp_endptr);
if (endptr) { dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
*endptr = tmp_endptr; return ret;
}
if (tmp_endptr > nptr) {
// If *tmp_endptr is '\0' include its label as well.
*ret_label = dfsan_union(
base_label,
dfsan_read_label(nptr, tmp_endptr - nptr + (*tmp_endptr ? 0 : 1)));
} else {
*ret_label = 0;
} }
SANITIZER_INTERFACE_ATTRIBUTE
long long unsigned int __dfso_strtoull(
const char *nptr, char **endptr, int base, dfsan_label nptr_label,
dfsan_label endptr_label, dfsan_label base_label, dfsan_label *ret_label,
dfsan_origin nptr_origin, dfsan_origin endptr_origin,
dfsan_origin base_origin, dfsan_origin *ret_origin) {
char *tmp_endptr;
long long unsigned int ret = dfsan_strtoull(nptr, endptr, base, &tmp_endptr);
dfsan_strtoxl_label(nptr, tmp_endptr, base_label, ret_label);
dfsan_strtoxl_origin(nptr, tmp_endptr, base_label, ret_label, base_origin,
ret_origin);
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
time_t __dfsw_time(time_t *t, dfsan_label t_label, dfsan_label *ret_label) { time_t __dfsw_time(time_t *t, dfsan_label t_label, dfsan_label *ret_label) {
time_t ret = time(t); time_t ret = time(t);
if (ret != (time_t) -1 && t) { if (ret != (time_t) -1 && t) {
dfsan_set_label(0, t, sizeof(time_t)); dfsan_set_label(0, t, sizeof(time_t));
▲ Show 20 LinesShow All 318 Lines▼ Show 20 Linesint __dfsw_gettimeofday(struct timeval *tv, struct timezone *tz,
} }
if (tz) { if (tz) {
dfsan_set_label(0, tz, sizeof(struct timezone)); dfsan_set_label(0, tz, sizeof(struct timezone));
} }
*ret_label = 0; *ret_label = 0;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE
int __dfso_gettimeofday(struct timeval *tv, struct timezone *tz,
dfsan_label tv_label, dfsan_label tz_label,
dfsan_label *ret_label, dfsan_origin tv_origin,
dfsan_origin tz_origin, dfsan_origin *ret_origin) {
return __dfsw_gettimeofday(tv, tz, tv_label, tz_label, ret_label);
}
SANITIZER_INTERFACE_ATTRIBUTE void *__dfsw_memchr(void *s, int c, size_t n, SANITIZER_INTERFACE_ATTRIBUTE void *__dfsw_memchr(void *s, int c, size_t n,
dfsan_label s_label, dfsan_label s_label,
dfsan_label c_label, dfsan_label c_label,
dfsan_label n_label, dfsan_label n_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
void *ret = memchr(s, c, n); void *ret = memchr(s, c, n);
if (flags().strict_data_dependencies) { if (flags().strict_data_dependencies) {
*ret_label = ret ? s_label : 0; *ret_label = ret ? s_label : 0;
} else { } else {
size_t len = size_t len =
ret ? reinterpret_cast<char *>(ret) - reinterpret_cast<char *>(s) + 1 ret ? reinterpret_cast<char *>(ret) - reinterpret_cast<char *>(s) + 1
: n; : n;
*ret_label = *ret_label =
dfsan_union(dfsan_read_label(s, len), dfsan_union(s_label, c_label)); dfsan_union(dfsan_read_label(s, len), dfsan_union(s_label, c_label));
} }
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE void *__dfso_memchr(
void *s, int c, size_t n, dfsan_label s_label, dfsan_label c_label,
dfsan_label n_label, dfsan_label *ret_label, dfsan_origin s_origin,
dfsan_origin c_origin, dfsan_origin n_origin, dfsan_origin *ret_origin) {
void *ret = __dfsw_memchr(s, c, n, s_label, c_label, n_label, ret_label);
if (flags().strict_data_dependencies) {
if (ret)
*ret_origin = s_origin;
} else {
size_t len =
ret ? reinterpret_cast<char *>(ret) - reinterpret_cast<char *>(s) + 1
: n;
dfsan_origin o = dfsan_read_origin_of_first_taint(s, len);
*ret_origin = o ? o : (s_label ? s_origin : c_origin);
}
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strrchr(char *s, int c, SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strrchr(char *s, int c,
dfsan_label s_label, dfsan_label s_label,
dfsan_label c_label, dfsan_label c_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
char *ret = strrchr(s, c); char *ret = strrchr(s, c);
if (flags().strict_data_dependencies) { if (flags().strict_data_dependencies) {
*ret_label = ret ? s_label : 0; *ret_label = ret ? s_label : 0;
} else { } else {
*ret_label = *ret_label =
dfsan_union(dfsan_read_label(s, strlen(s) + 1), dfsan_union(dfsan_read_label(s, strlen(s) + 1),
dfsan_union(s_label, c_label)); dfsan_union(s_label, c_label));
} }
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE char *__dfso_strrchr(
char *s, int c, dfsan_label s_label, dfsan_label c_label,
dfsan_label *ret_label, dfsan_origin s_origin, dfsan_origin c_origin,
dfsan_origin *ret_origin) {
char *ret = strrchr(s, c);
gbalatsUnsubmitted
Done
ReplyInline Actions

Why is this not calling __dfsw_strrchr like the above cases do? This way, it's duplicating it's code.

gbalats: Why is this not calling `__dfsw_strrchr` like the above cases do? This way, it's duplicating…
stephan.yichao.zhaoAuthorUnsubmitted
Done
ReplyInline Actions

I think that was trying to reduce the number of times we call strlen since calculating origin needs strlen again.
But this happens only when strict_data_dependencies = false.
The flag is true by default, it may not be worth to 'optimize' this case by duplicating code.

Changed.

stephan.yichao.zhao: I think that was trying to reduce the number of times we call strlen since calculating origin…
if (flags().strict_data_dependencies) {
if (ret) {
*ret_label = s_label;
*ret_origin = s_origin;
} else {
*ret_label = 0;
}
} else {
size_t s_len = strlen(s) + 1;
*ret_label =
dfsan_union(dfsan_read_label(s, s_len), dfsan_union(s_label, c_label));
dfsan_origin o = dfsan_read_origin_of_first_taint(s, s_len);
*ret_origin = o ? o : (s_label ? s_origin : c_origin);
}
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strstr(char *haystack, char *needle, SANITIZER_INTERFACE_ATTRIBUTE char *__dfsw_strstr(char *haystack, char *needle,
dfsan_label haystack_label, dfsan_label haystack_label,
dfsan_label needle_label, dfsan_label needle_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
char *ret = strstr(haystack, needle); char *ret = strstr(haystack, needle);
if (flags().strict_data_dependencies) { if (flags().strict_data_dependencies) {
*ret_label = ret ? haystack_label : 0; *ret_label = ret ? haystack_label : 0;
} else { } else {
size_t len = ret ? ret + strlen(needle) - haystack : strlen(haystack) + 1; size_t len = ret ? ret + strlen(needle) - haystack : strlen(haystack) + 1;
*ret_label = *ret_label =
dfsan_union(dfsan_read_label(haystack, len), dfsan_union(dfsan_read_label(haystack, len),
dfsan_union(dfsan_read_label(needle, strlen(needle) + 1), dfsan_union(dfsan_read_label(needle, strlen(needle) + 1),
dfsan_union(haystack_label, needle_label))); dfsan_union(haystack_label, needle_label)));
} }
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE char *__dfso_strstr(char *haystack, char *needle,
dfsan_label haystack_label,
dfsan_label needle_label,
dfsan_label *ret_label,
dfsan_origin haystack_origin,
dfsan_origin needle_origin,
dfsan_origin *ret_origin) {
char *ret = strstr(haystack, needle);
gbalatsUnsubmitted
Done
ReplyInline Actions

Same here.

gbalats: Same here.
if (flags().strict_data_dependencies) {
if (ret) {
*ret_label = haystack_label;
*ret_origin = haystack_origin;
} else {
*ret_label = 0;
}
} else {
size_t needle_len = strlen(needle);
size_t len = ret ? ret + needle_len - haystack : strlen(haystack) + 1;
*ret_label =
dfsan_union(dfsan_read_label(haystack, len),
dfsan_union(dfsan_read_label(needle, needle_len + 1),
dfsan_union(haystack_label, needle_label)));
dfsan_origin o = dfsan_read_origin_of_first_taint(haystack, len);
if (o) {
*ret_origin = o;
} else {
o = dfsan_read_origin_of_first_taint(needle, needle_len + 1);
*ret_origin = o ? o : (haystack_label ? haystack_origin : needle_origin);
}
}
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_nanosleep(const struct timespec *req, SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_nanosleep(const struct timespec *req,
struct timespec *rem, struct timespec *rem,
dfsan_label req_label, dfsan_label req_label,
dfsan_label rem_label, dfsan_label rem_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
int ret = nanosleep(req, rem); int ret = nanosleep(req, rem);
*ret_label = 0; *ret_label = 0;
if (ret == -1) { if (ret == -1) {
// Interrupted by a signal, rem is filled with the remaining time. // Interrupted by a signal, rem is filled with the remaining time.
dfsan_set_label(0, rem, sizeof(struct timespec)); dfsan_set_label(0, rem, sizeof(struct timespec));
} }
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE int __dfso_nanosleep(
const struct timespec *req, struct timespec *rem, dfsan_label req_label,
dfsan_label rem_label, dfsan_label *ret_label, dfsan_origin req_origin,
dfsan_origin rem_origin, dfsan_origin *ret_origin) {
return __dfsw_nanosleep(req, rem, req_label, rem_label, ret_label);
}
static void clear_msghdr_labels(size_t bytes_written, struct msghdr *msg) { static void clear_msghdr_labels(size_t bytes_written, struct msghdr *msg) {
dfsan_set_label(0, msg, sizeof(*msg)); dfsan_set_label(0, msg, sizeof(*msg));
dfsan_set_label(0, msg->msg_name, msg->msg_namelen); dfsan_set_label(0, msg->msg_name, msg->msg_namelen);
dfsan_set_label(0, msg->msg_control, msg->msg_controllen); dfsan_set_label(0, msg->msg_control, msg->msg_controllen);
for (size_t i = 0; bytes_written > 0; ++i) { for (size_t i = 0; bytes_written > 0; ++i) {
assert(i < msg->msg_iovlen); assert(i < msg->msg_iovlen);
struct iovec *iov = &msg->msg_iov[i]; struct iovec *iov = &msg->msg_iov[i];
size_t iov_written = size_t iov_written =
Show All 12 LinesSANITIZER_INTERFACE_ATTRIBUTE int __dfsw_recvmmsg(
for (int i = 0; i < ret; ++i) { for (int i = 0; i < ret; ++i) {
dfsan_set_label(0, &msgvec[i].msg_len, sizeof(msgvec[i].msg_len)); dfsan_set_label(0, &msgvec[i].msg_len, sizeof(msgvec[i].msg_len));
clear_msghdr_labels(msgvec[i].msg_len, &msgvec[i].msg_hdr); clear_msghdr_labels(msgvec[i].msg_len, &msgvec[i].msg_hdr);
} }
*ret_label = 0; *ret_label = 0;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE int __dfso_recvmmsg(
int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags,
struct timespec *timeout, dfsan_label sockfd_label,
dfsan_label msgvec_label, dfsan_label vlen_label, dfsan_label flags_label,
dfsan_label timeout_label, dfsan_label *ret_label,
dfsan_origin sockfd_origin, dfsan_origin msgvec_origin,
dfsan_origin vlen_origin, dfsan_origin flags_origin,
dfsan_origin timeout_origin, dfsan_origin *ret_origin) {
return __dfsw_recvmmsg(sockfd, msgvec, vlen, flags, timeout, sockfd_label,
msgvec_label, vlen_label, flags_label, timeout_label,
ret_label);
}
SANITIZER_INTERFACE_ATTRIBUTE ssize_t __dfsw_recvmsg( SANITIZER_INTERFACE_ATTRIBUTE ssize_t __dfsw_recvmsg(
int sockfd, struct msghdr *msg, int flags, dfsan_label sockfd_label, int sockfd, struct msghdr *msg, int flags, dfsan_label sockfd_label,
dfsan_label msg_label, dfsan_label flags_label, dfsan_label *ret_label) { dfsan_label msg_label, dfsan_label flags_label, dfsan_label *ret_label) {
ssize_t ret = recvmsg(sockfd, msg, flags); ssize_t ret = recvmsg(sockfd, msg, flags);
if (ret >= 0) if (ret >= 0)
clear_msghdr_labels(ret, msg); clear_msghdr_labels(ret, msg);
*ret_label = 0; *ret_label = 0;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE ssize_t __dfso_recvmsg(
int sockfd, struct msghdr *msg, int flags, dfsan_label sockfd_label,
dfsan_label msg_label, dfsan_label flags_label, dfsan_label *ret_label,
dfsan_origin sockfd_origin, dfsan_origin msg_origin,
dfsan_origin flags_origin, dfsan_origin *ret_origin) {
return __dfsw_recvmsg(sockfd, msg, flags, sockfd_label, msg_label,
flags_label, ret_label);
}
SANITIZER_INTERFACE_ATTRIBUTE int SANITIZER_INTERFACE_ATTRIBUTE int
__dfsw_socketpair(int domain, int type, int protocol, int sv[2], __dfsw_socketpair(int domain, int type, int protocol, int sv[2],
dfsan_label domain_label, dfsan_label type_label, dfsan_label domain_label, dfsan_label type_label,
dfsan_label protocol_label, dfsan_label sv_label, dfsan_label protocol_label, dfsan_label sv_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
int ret = socketpair(domain, type, protocol, sv); int ret = socketpair(domain, type, protocol, sv);
*ret_label = 0; *ret_label = 0;
if (ret == 0) { if (ret == 0) {
dfsan_set_label(0, sv, sizeof(*sv) * 2); dfsan_set_label(0, sv, sizeof(*sv) * 2);
} }
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE int __dfso_socketpair(
int domain, int type, int protocol, int sv[2], dfsan_label domain_label,
dfsan_label type_label, dfsan_label protocol_label, dfsan_label sv_label,
dfsan_label *ret_label, dfsan_origin domain_origin,
dfsan_origin type_origin, dfsan_origin protocol_origin,
dfsan_origin sv_origin, dfsan_origin *ret_origin) {
return __dfsw_socketpair(domain, type, protocol, sv, domain_label, type_label,
protocol_label, sv_label, ret_label);
}
SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getsockopt( SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getsockopt(
int sockfd, int level, int optname, void *optval, socklen_t *optlen, int sockfd, int level, int optname, void *optval, socklen_t *optlen,
dfsan_label sockfd_label, dfsan_label level_label, dfsan_label sockfd_label, dfsan_label level_label,
dfsan_label optname_label, dfsan_label optval_label, dfsan_label optname_label, dfsan_label optval_label,
dfsan_label optlen_label, dfsan_label *ret_label) { dfsan_label optlen_label, dfsan_label *ret_label) {
int ret = getsockopt(sockfd, level, optname, optval, optlen); int ret = getsockopt(sockfd, level, optname, optval, optlen);
if (ret != -1 && optval && optlen) { if (ret != -1 && optval && optlen) {
dfsan_set_label(0, optlen, sizeof(*optlen)); dfsan_set_label(0, optlen, sizeof(*optlen));
dfsan_set_label(0, optval, *optlen); dfsan_set_label(0, optval, *optlen);
} }
*ret_label = 0; *ret_label = 0;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE int __dfso_getsockopt(
int sockfd, int level, int optname, void *optval, socklen_t *optlen,
dfsan_label sockfd_label, dfsan_label level_label,
dfsan_label optname_label, dfsan_label optval_label,
dfsan_label optlen_label, dfsan_label *ret_label,
dfsan_origin sockfd_origin, dfsan_origin level_origin,
dfsan_origin optname_origin, dfsan_origin optval_origin,
dfsan_origin optlen_origin, dfsan_origin *ret_origin) {
return __dfsw_getsockopt(sockfd, level, optname, optval, optlen, sockfd_label,
level_label, optname_label, optval_label,
optlen_label, ret_label);
}
SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getsockname( SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getsockname(
int sockfd, struct sockaddr *addr, socklen_t *addrlen, int sockfd, struct sockaddr *addr, socklen_t *addrlen,
dfsan_label sockfd_label, dfsan_label addr_label, dfsan_label addrlen_label, dfsan_label sockfd_label, dfsan_label addr_label, dfsan_label addrlen_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
socklen_t origlen = addrlen ? *addrlen : 0; socklen_t origlen = addrlen ? *addrlen : 0;
int ret = getsockname(sockfd, addr, addrlen); int ret = getsockname(sockfd, addr, addrlen);
if (ret != -1 && addr && addrlen) { if (ret != -1 && addr && addrlen) {
socklen_t written_bytes = origlen < *addrlen ? origlen : *addrlen; socklen_t written_bytes = origlen < *addrlen ? origlen : *addrlen;
dfsan_set_label(0, addrlen, sizeof(*addrlen)); dfsan_set_label(0, addrlen, sizeof(*addrlen));
dfsan_set_label(0, addr, written_bytes); dfsan_set_label(0, addr, written_bytes);
} }
*ret_label = 0; *ret_label = 0;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE int __dfso_getsockname(
int sockfd, struct sockaddr *addr, socklen_t *addrlen,
dfsan_label sockfd_label, dfsan_label addr_label, dfsan_label addrlen_label,
dfsan_label *ret_label, dfsan_origin sockfd_origin,
dfsan_origin addr_origin, dfsan_origin addrlen_origin,
dfsan_origin *ret_origin) {
return __dfsw_getsockname(sockfd, addr, addrlen, sockfd_label, addr_label,
addrlen_label, ret_label);
}
SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getpeername( SANITIZER_INTERFACE_ATTRIBUTE int __dfsw_getpeername(
int sockfd, struct sockaddr *addr, socklen_t *addrlen, int sockfd, struct sockaddr *addr, socklen_t *addrlen,
dfsan_label sockfd_label, dfsan_label addr_label, dfsan_label addrlen_label, dfsan_label sockfd_label, dfsan_label addr_label, dfsan_label addrlen_label,
dfsan_label *ret_label) { dfsan_label *ret_label) {
socklen_t origlen = addrlen ? *addrlen : 0; socklen_t origlen = addrlen ? *addrlen : 0;
int ret = getpeername(sockfd, addr, addrlen); int ret = getpeername(sockfd, addr, addrlen);
if (ret != -1 && addr && addrlen) { if (ret != -1 && addr && addrlen) {
socklen_t written_bytes = origlen < *addrlen ? origlen : *addrlen; socklen_t written_bytes = origlen < *addrlen ? origlen : *addrlen;
dfsan_set_label(0, addrlen, sizeof(*addrlen)); dfsan_set_label(0, addrlen, sizeof(*addrlen));
dfsan_set_label(0, addr, written_bytes); dfsan_set_label(0, addr, written_bytes);
} }
*ret_label = 0; *ret_label = 0;
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE int __dfso_getpeername(
int sockfd, struct sockaddr *addr, socklen_t *addrlen,
dfsan_label sockfd_label, dfsan_label addr_label, dfsan_label addrlen_label,
dfsan_label *ret_label, dfsan_origin sockfd_origin,
dfsan_origin addr_origin, dfsan_origin addrlen_origin,
dfsan_origin *ret_origin) {
return __dfsw_getpeername(sockfd, addr, addrlen, sockfd_label, addr_label,
addrlen_label, ret_label);
}
// Type of the trampoline function passed to the custom version of // Type of the trampoline function passed to the custom version of
// dfsan_set_write_callback. // dfsan_set_write_callback.
typedef void (*write_trampoline_t)( typedef void (*write_trampoline_t)(
void *callback, void *callback,
int fd, const void *buf, ssize_t count, int fd, const void *buf, ssize_t count,
dfsan_label fd_label, dfsan_label buf_label, dfsan_label count_label); dfsan_label fd_label, dfsan_label buf_label, dfsan_label count_label);
typedef void (*write_origin_trampoline_t)( typedef void (*write_origin_trampoline_t)(
▲ Show 20 LinesShow All 145 Lines▼ Show 20 Lines
// chunk independently into the output string. This approach allows to figure // chunk independently into the output string. This approach allows to figure
// out which bytes of the output string depends on which argument and thus to // out which bytes of the output string depends on which argument and thus to
// propagate labels more precisely. // propagate labels more precisely.
// //
// WARNING: This implementation does not support conversion specifiers with // WARNING: This implementation does not support conversion specifiers with
// positional arguments. // positional arguments.
static int format_buffer(char *str, size_t size, const char *fmt, static int format_buffer(char *str, size_t size, const char *fmt,
dfsan_label *va_labels, dfsan_label *ret_label, dfsan_label *va_labels, dfsan_label *ret_label,
dfsan_origin *va_origins, dfsan_origin *ret_origin,
va_list ap) { va_list ap) {
Formatter formatter(str, fmt, size); Formatter formatter(str, fmt, size);
while (*formatter.fmt_cur) { while (*formatter.fmt_cur) {
formatter.fmt_start = formatter.fmt_cur; formatter.fmt_start = formatter.fmt_cur;
formatter.width = -1; formatter.width = -1;
int retval = 0; int retval = 0;
Show All 39 Lines if (*formatter.fmt_cur != '%') {
break; break;
case 'z': case 'z':
case 't': case 't':
retval = formatter.format(va_arg(ap, size_t)); retval = formatter.format(va_arg(ap, size_t));
break; break;
default: default:
retval = formatter.format(va_arg(ap, int)); retval = formatter.format(va_arg(ap, int));
} }
if (va_origins == nullptr)
dfsan_set_label(*va_labels++, formatter.str_cur(), dfsan_set_label(*va_labels++, formatter.str_cur(),
formatter.num_written_bytes(retval)); formatter.num_written_bytes(retval));
else
dfsan_set_label_origin(*va_labels++, *va_origins++,
formatter.str_cur(),
formatter.num_written_bytes(retval));
end_fmt = true; end_fmt = true;
break; break;
case 'a': case 'a':
case 'A': case 'A':
case 'e': case 'e':
case 'E': case 'E':
case 'f': case 'f':
case 'F': case 'F':
case 'g': case 'g':
case 'G': case 'G':
if (*(formatter.fmt_cur - 1) == 'L') { if (*(formatter.fmt_cur - 1) == 'L') {
retval = formatter.format(va_arg(ap, long double)); retval = formatter.format(va_arg(ap, long double));
} else { } else {
retval = formatter.format(va_arg(ap, double)); retval = formatter.format(va_arg(ap, double));
} }
if (va_origins == nullptr)
dfsan_set_label(*va_labels++, formatter.str_cur(), dfsan_set_label(*va_labels++, formatter.str_cur(),
formatter.num_written_bytes(retval)); formatter.num_written_bytes(retval));
else
dfsan_set_label_origin(*va_labels++, *va_origins++,
formatter.str_cur(),
formatter.num_written_bytes(retval));
end_fmt = true; end_fmt = true;
break; break;
case 'c': case 'c':
retval = formatter.format(va_arg(ap, int)); retval = formatter.format(va_arg(ap, int));
if (va_origins == nullptr)
dfsan_set_label(*va_labels++, formatter.str_cur(), dfsan_set_label(*va_labels++, formatter.str_cur(),
formatter.num_written_bytes(retval)); formatter.num_written_bytes(retval));
else
dfsan_set_label_origin(*va_labels++, *va_origins++,
formatter.str_cur(),
formatter.num_written_bytes(retval));
end_fmt = true; end_fmt = true;
break; break;
case 's': { case 's': {
char *arg = va_arg(ap, char *); char *arg = va_arg(ap, char *);
retval = formatter.format(arg); retval = formatter.format(arg);
if (va_origins) {
va_origins++;
dfsan_mem_origin_transfer(formatter.str_cur(), arg,
formatter.num_written_bytes(retval));
}
va_labels++; va_labels++;
internal_memcpy(shadow_for(formatter.str_cur()), shadow_for(arg), internal_memcpy(shadow_for(formatter.str_cur()), shadow_for(arg),
sizeof(dfsan_label) * sizeof(dfsan_label) *
formatter.num_written_bytes(retval)); formatter.num_written_bytes(retval));
end_fmt = true; end_fmt = true;
break; break;
} }
case 'p': case 'p':
retval = formatter.format(va_arg(ap, void *)); retval = formatter.format(va_arg(ap, void *));
if (va_origins == nullptr)
dfsan_set_label(*va_labels++, formatter.str_cur(), dfsan_set_label(*va_labels++, formatter.str_cur(),
formatter.num_written_bytes(retval)); formatter.num_written_bytes(retval));
else
dfsan_set_label_origin(*va_labels++, *va_origins++,
formatter.str_cur(),
formatter.num_written_bytes(retval));
end_fmt = true; end_fmt = true;
break; break;
case 'n': { case 'n': {
int *ptr = va_arg(ap, int *); int *ptr = va_arg(ap, int *);
*ptr = (int)formatter.str_off; *ptr = (int)formatter.str_off;
va_labels++; va_labels++;
if (va_origins)
va_origins++;
dfsan_set_label(0, ptr, sizeof(ptr)); dfsan_set_label(0, ptr, sizeof(ptr));
end_fmt = true; end_fmt = true;
break; break;
} }
case '%': case '%':
retval = formatter.format(); retval = formatter.format();
dfsan_set_label(0, formatter.str_cur(), dfsan_set_label(0, formatter.str_cur(),
formatter.num_written_bytes(retval)); formatter.num_written_bytes(retval));
end_fmt = true; end_fmt = true;
break; break;
case '*': case '*':
formatter.width = va_arg(ap, int); formatter.width = va_arg(ap, int);
va_labels++; va_labels++;
if (va_origins)
va_origins++;
break; break;
default: default:
break; break;
} }
} }
} }
if (retval < 0) { if (retval < 0) {
return retval; return retval;
} }
formatter.fmt_cur++; formatter.fmt_cur++;
formatter.str_off += retval; formatter.str_off += retval;
} }
*ret_label = 0; *ret_label = 0;
if (ret_origin)
*ret_origin = 0;
// Number of bytes written in total. // Number of bytes written in total.
return formatter.str_off; return formatter.str_off;
} }
extern "C" { extern "C" {
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
int __dfsw_sprintf(char *str, const char *format, dfsan_label str_label, int __dfsw_sprintf(char *str, const char *format, dfsan_label str_label,
dfsan_label format_label, dfsan_label *va_labels, dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, ...) { dfsan_label *ret_label, ...) {
va_list ap; va_list ap;
va_start(ap, ret_label); va_start(ap, ret_label);
int ret = format_buffer(str, ~0ul, format, va_labels, ret_label, ap); int ret = format_buffer(str, ~0ul, format, va_labels, ret_label, nullptr,
nullptr, ap);
va_end(ap);
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE
int __dfso_sprintf(char *str, const char *format, dfsan_label str_label,
dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, dfsan_origin str_origin,
dfsan_origin format_origin, dfsan_origin *va_origins,
dfsan_origin *ret_origin, ...) {
va_list ap;
va_start(ap, ret_origin);
int ret = format_buffer(str, ~0ul, format, va_labels, ret_label, va_origins,
ret_origin, ap);
va_end(ap); va_end(ap);
return ret; return ret;
} }
SANITIZER_INTERFACE_ATTRIBUTE SANITIZER_INTERFACE_ATTRIBUTE
int __dfsw_snprintf(char *str, size_t size, const char *format, int __dfsw_snprintf(char *str, size_t size, const char *format,
dfsan_label str_label, dfsan_label size_label, dfsan_label str_label, dfsan_label size_label,
dfsan_label format_label, dfsan_label *va_labels, dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, ...) { dfsan_label *ret_label, ...) {
va_list ap; va_list ap;
va_start(ap, ret_label); va_start(ap, ret_label);
int ret = format_buffer(str, size, format, va_labels, ret_label, ap); int ret = format_buffer(str, size, format, va_labels, ret_label, nullptr,
nullptr, ap);
va_end(ap);
return ret;
}
SANITIZER_INTERFACE_ATTRIBUTE
int __dfso_snprintf(char *str, size_t size, const char *format,
dfsan_label str_label, dfsan_label size_label,
dfsan_label format_label, dfsan_label *va_labels,
dfsan_label *ret_label, dfsan_origin str_origin,
dfsan_origin size_origin, dfsan_origin format_origin,
dfsan_origin *va_origins, dfsan_origin *ret_origin, ...) {
va_list ap;
va_start(ap, ret_origin);
int ret = format_buffer(str, size, format, va_labels, ret_label, va_origins,
ret_origin, ap);
va_end(ap); va_end(ap);
return ret; return ret;
} }
static void BeforeFork() { static void BeforeFork() {
StackDepotLockAll(); StackDepotLockAll();
GetChainedOriginDepot()->LockAll(); GetChainedOriginDepot()->LockAll();
} }
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines

compiler-rt/test/dfsan/custom.cpp

Show First 20 LinesShow All 594 Lines▼ Show 20 Linesvoid test_calloc() {
dfsan_set_label(i_label, crv, 100); dfsan_set_label(i_label, crv, 100);
free(crv); free(crv);
crv = (char *) calloc(4096, 1); crv = (char *) calloc(4096, 1);
ASSERT_ZERO_LABEL(crv[0]); ASSERT_ZERO_LABEL(crv[0]);
free(crv); free(crv);
} }
#if !defined(ORIGIN_TRACKING)
void test_recvmmsg() { void test_recvmmsg() {
int sockfds[2]; int sockfds[2];
int ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sockfds); int ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sockfds);
assert(ret != -1); assert(ret != -1);
// Setup messages to send. // Setup messages to send.
struct mmsghdr smmsg[2] = {}; struct mmsghdr smmsg[2] = {};
char sbuf0[] = "abcdefghijkl"; char sbuf0[] = "abcdefghijkl";
Show All 21 Linesvoid test_recvmmsg() {
rmmsg[1].msg_hdr.msg_iovlen = 1; rmmsg[1].msg_hdr.msg_iovlen = 1;
struct timespec timeout = {1, 1}; struct timespec timeout = {1, 1};
dfsan_set_label(i_label, rbuf0, sizeof(rbuf0)); dfsan_set_label(i_label, rbuf0, sizeof(rbuf0));
dfsan_set_label(i_label, rbuf1, sizeof(rbuf1)); dfsan_set_label(i_label, rbuf1, sizeof(rbuf1));
dfsan_set_label(i_label, &rmmsg[0].msg_len, sizeof(rmmsg[0].msg_len)); dfsan_set_label(i_label, &rmmsg[0].msg_len, sizeof(rmmsg[0].msg_len));
dfsan_set_label(i_label, &rmmsg[1].msg_len, sizeof(rmmsg[1].msg_len)); dfsan_set_label(i_label, &rmmsg[1].msg_len, sizeof(rmmsg[1].msg_len));
dfsan_set_label(i_label, &timeout, sizeof(timeout)); dfsan_set_label(i_label, &timeout, sizeof(timeout));
dfsan_origin msg_len0_o = dfsan_get_origin((long)(rmmsg[0].msg_len));
dfsan_origin msg_len1_o = dfsan_get_origin((long)(rmmsg[1].msg_len));
// Receive messages and check labels. // Receive messages and check labels.
int received_msgs = recvmmsg(sockfds[1], rmmsg, 2, 0, &timeout); int received_msgs = recvmmsg(sockfds[1], rmmsg, 2, 0, &timeout);
assert(received_msgs == sent_msgs); assert(received_msgs == sent_msgs);
assert(rmmsg[0].msg_len == smmsg[0].msg_len); assert(rmmsg[0].msg_len == smmsg[0].msg_len);
assert(rmmsg[1].msg_len == smmsg[1].msg_len); assert(rmmsg[1].msg_len == smmsg[1].msg_len);
assert(memcmp(sbuf0, rbuf0, 8) == 0); assert(memcmp(sbuf0, rbuf0, 8) == 0);
assert(memcmp(sbuf1, rbuf1, 7) == 0); assert(memcmp(sbuf1, rbuf1, 7) == 0);
ASSERT_ZERO_LABEL(received_msgs); ASSERT_ZERO_LABEL(received_msgs);
ASSERT_ZERO_LABEL(rmmsg[0].msg_len); ASSERT_ZERO_LABEL(rmmsg[0].msg_len);
ASSERT_ZERO_LABEL(rmmsg[1].msg_len); ASSERT_ZERO_LABEL(rmmsg[1].msg_len);
ASSERT_READ_ZERO_LABEL(&rbuf0[0], 8); ASSERT_READ_ZERO_LABEL(&rbuf0[0], 8);
ASSERT_READ_LABEL(&rbuf0[8], 1, i_label); ASSERT_READ_LABEL(&rbuf0[8], 1, i_label);
ASSERT_READ_ZERO_LABEL(&rbuf1[0], 7); ASSERT_READ_ZERO_LABEL(&rbuf1[0], 7);
ASSERT_READ_LABEL(&rbuf1[7], 1, i_label); ASSERT_READ_LABEL(&rbuf1[7], 1, i_label);
ASSERT_LABEL(timeout.tv_sec, i_label); ASSERT_LABEL(timeout.tv_sec, i_label);
ASSERT_LABEL(timeout.tv_nsec, i_label); ASSERT_LABEL(timeout.tv_nsec, i_label);
ASSERT_ORIGIN((long)(rmmsg[0].msg_len), msg_len0_o);
ASSERT_ORIGIN((long)(rmmsg[1].msg_len), msg_len1_o);
close(sockfds[0]); close(sockfds[0]);
close(sockfds[1]); close(sockfds[1]);
} }
void test_recvmsg() { void test_recvmsg() {
int sockfds[2]; int sockfds[2];
int ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sockfds); int ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sockfds);
assert(ret != -1); assert(ret != -1);
Show All 11 Linesvoid test_recvmsg() {
struct iovec riovs[2] = {{&rbuf[0], 4}, {&rbuf[4], 4}}; struct iovec riovs[2] = {{&rbuf[0], 4}, {&rbuf[4], 4}};
struct msghdr rmsg = {}; struct msghdr rmsg = {};
rmsg.msg_iov = riovs; rmsg.msg_iov = riovs;
rmsg.msg_iovlen = 2; rmsg.msg_iovlen = 2;
dfsan_set_label(i_label, rbuf, sizeof(rbuf)); dfsan_set_label(i_label, rbuf, sizeof(rbuf));
dfsan_set_label(i_label, &rmsg, sizeof(rmsg)); dfsan_set_label(i_label, &rmsg, sizeof(rmsg));
DEFINE_AND_SAVE_ORIGINS(rmsg)
ssize_t received = recvmsg(sockfds[1], &rmsg, 0); ssize_t received = recvmsg(sockfds[1], &rmsg, 0);
assert(received == sent); assert(received == sent);
assert(memcmp(sbuf, rbuf, 8) == 0); assert(memcmp(sbuf, rbuf, 8) == 0);
ASSERT_ZERO_LABEL(received); ASSERT_ZERO_LABEL(received);
ASSERT_READ_ZERO_LABEL(&rmsg, sizeof(rmsg)); ASSERT_READ_ZERO_LABEL(&rmsg, sizeof(rmsg));
ASSERT_READ_ZERO_LABEL(&rbuf[0], 8); ASSERT_READ_ZERO_LABEL(&rbuf[0], 8);
ASSERT_READ_LABEL(&rbuf[8], 1, i_label); ASSERT_READ_LABEL(&rbuf[8], 1, i_label);
ASSERT_SAVED_ORIGINS(rmsg)
close(sockfds[0]); close(sockfds[0]);
close(sockfds[1]); close(sockfds[1]);
} }
#endif // !defined(ORIGIN_TRACKING)
void test_read() { void test_read() {
char buf[16]; char buf[16];
dfsan_set_label(i_label, buf, 1); dfsan_set_label(i_label, buf, 1);
dfsan_set_label(j_label, buf + 15, 1); dfsan_set_label(j_label, buf + 15, 1);
DEFINE_AND_SAVE_ORIGINS(buf) DEFINE_AND_SAVE_ORIGINS(buf)
ASSERT_LABEL(buf[0], i_label); ASSERT_LABEL(buf[0], i_label);
▲ Show 20 LinesShow All 221 Lines▼ Show 20 Linesvoid test_strcpy() {
// Note: if strlen(src) + 1 were used instead to compute the first untouched // Note: if strlen(src) + 1 were used instead to compute the first untouched
// byte of dest, the label would be I|J. This is because strlen() might // byte of dest, the label would be I|J. This is because strlen() might
// return a non-zero label, and because by default pointer labels are not // return a non-zero label, and because by default pointer labels are not
// ignored on loads. // ignored on loads.
ASSERT_LABEL(dst[12], i_label); ASSERT_LABEL(dst[12], i_label);
} }
void test_strtol() { void test_strtol() {
char buf[] = "1234578910"; char non_number_buf[] = "ab ";
char *endptr = NULL; char *endptr = NULL;
long int ret = strtol(non_number_buf, &endptr, 10);
assert(ret == 0);
assert(endptr == non_number_buf);
ASSERT_ZERO_LABEL(ret);
char buf[] = "1234578910";
int base = 10;
dfsan_set_label(k_label, &base, sizeof(base));
ret = strtol(buf, &endptr, base);
assert(ret == 1234578910);
assert(endptr == buf + 10);
ASSERT_LABEL(ret, k_label);
ASSERT_EQ_ORIGIN(ret, base);
dfsan_set_label(i_label, buf + 1, 1); dfsan_set_label(i_label, buf + 1, 1);
dfsan_set_label(j_label, buf + 10, 1); dfsan_set_label(j_label, buf + 10, 1);
long int ret = strtol(buf, &endptr, 10); ret = strtol(buf, &endptr, 10);
assert(ret == 1234578910); assert(ret == 1234578910);
assert(endptr == buf + 10); assert(endptr == buf + 10);
ASSERT_LABEL(ret, i_j_label); ASSERT_LABEL(ret, i_j_label);
ASSERT_EQ_ORIGIN(ret, buf[1]);
} }
void test_strtoll() { void test_strtoll() {
char buf[] = "1234578910 "; char non_number_buf[] = "ab ";
char *endptr = NULL; char *endptr = NULL;
long long int ret = strtoll(non_number_buf, &endptr, 10);
assert(ret == 0);
assert(endptr == non_number_buf);
ASSERT_ZERO_LABEL(ret);
char buf[] = "1234578910 ";
int base = 10;
dfsan_set_label(k_label, &base, sizeof(base));
ret = strtoll(buf, &endptr, base);
assert(ret == 1234578910);
assert(endptr == buf + 10);
ASSERT_LABEL(ret, k_label);
ASSERT_EQ_ORIGIN(ret, base);
dfsan_set_label(i_label, buf + 1, 1); dfsan_set_label(i_label, buf + 1, 1);
dfsan_set_label(j_label, buf + 2, 1); dfsan_set_label(j_label, buf + 2, 1);
long long int ret = strtoll(buf, &endptr, 10); ret = strtoll(buf, &endptr, 10);
assert(ret == 1234578910); assert(ret == 1234578910);
assert(endptr == buf + 10); assert(endptr == buf + 10);
ASSERT_LABEL(ret, i_j_label); ASSERT_LABEL(ret, i_j_label);
ASSERT_EQ_ORIGIN(ret, buf[1]);
} }
void test_strtoul() { void test_strtoul() {
char buf[] = "ffffffffffffaa"; char non_number_buf[] = "xy ";
char *endptr = NULL; char *endptr = NULL;
long unsigned int ret = strtoul(non_number_buf, &endptr, 16);
assert(ret == 0);
assert(endptr == non_number_buf);
ASSERT_ZERO_LABEL(ret);
char buf[] = "ffffffffffffaa";
int base = 16;
dfsan_set_label(k_label, &base, sizeof(base));
ret = strtoul(buf, &endptr, base);
assert(ret == 72057594037927850);
assert(endptr == buf + 14);
ASSERT_LABEL(ret, k_label);
ASSERT_EQ_ORIGIN(ret, base);
dfsan_set_label(i_label, buf + 1, 1); dfsan_set_label(i_label, buf + 1, 1);
dfsan_set_label(j_label, buf + 2, 1); dfsan_set_label(j_label, buf + 2, 1);
long unsigned int ret = strtol(buf, &endptr, 16); ret = strtoul(buf, &endptr, 16);
assert(ret == 72057594037927850); assert(ret == 72057594037927850);
assert(endptr == buf + 14); assert(endptr == buf + 14);
ASSERT_LABEL(ret, i_j_label); ASSERT_LABEL(ret, i_j_label);
ASSERT_EQ_ORIGIN(ret, buf[1]);
} }
void test_strtoull() { void test_strtoull() {
char buf[] = "ffffffffffffffaa"; char non_number_buf[] = "xy ";
char *endptr = NULL; char *endptr = NULL;
long long unsigned int ret = strtoull(non_number_buf, &endptr, 16);
assert(ret == 0);
assert(endptr == non_number_buf);
ASSERT_ZERO_LABEL(ret);
char buf[] = "ffffffffffffffaa";
int base = 16;
dfsan_set_label(k_label, &base, sizeof(base));
ret = strtoull(buf, &endptr, base);
assert(ret == 0xffffffffffffffaa);
assert(endptr == buf + 16);
ASSERT_LABEL(ret, k_label);
ASSERT_EQ_ORIGIN(ret, base);
dfsan_set_label(i_label, buf + 1, 1); dfsan_set_label(i_label, buf + 1, 1);
dfsan_set_label(j_label, buf + 2, 1); dfsan_set_label(j_label, buf + 2, 1);
long long unsigned int ret = strtoull(buf, &endptr, 16); ret = strtoull(buf, &endptr, 16);
assert(ret == 0xffffffffffffffaa); assert(ret == 0xffffffffffffffaa);
assert(endptr == buf + 16); assert(endptr == buf + 16);
ASSERT_LABEL(ret, i_j_label); ASSERT_LABEL(ret, i_j_label);
ASSERT_EQ_ORIGIN(ret, buf[1]);
} }
void test_strtod() { void test_strtod() {
char buf[] = "12345.76 foo"; char non_number_buf[] = "ab ";
char *endptr = NULL; char *endptr = NULL;
double ret = strtod(non_number_buf, &endptr);
assert(ret == 0);
assert(endptr == non_number_buf);
ASSERT_ZERO_LABEL(ret);
char buf[] = "12345.76 foo";
dfsan_set_label(i_label, buf + 1, 1); dfsan_set_label(i_label, buf + 1, 1);
dfsan_set_label(j_label, buf + 6, 1); dfsan_set_label(j_label, buf + 6, 1);
double ret = strtod(buf, &endptr); ret = strtod(buf, &endptr);
assert(ret == 12345.76); assert(ret == 12345.76);
assert(endptr == buf + 8); assert(endptr == buf + 8);
ASSERT_LABEL(ret, i_j_label); ASSERT_LABEL(ret, i_j_label);
ASSERT_EQ_ORIGIN(ret, buf[1]);
} }
void test_time() { void test_time() {
time_t t = 0; time_t t = 0;
dfsan_set_label(i_label, &t, 1); dfsan_set_label(i_label, &t, 1);
time_t ret = time(&t); time_t ret = time(&t);
assert(ret == t); assert(ret == t);
assert(ret > 0); assert(ret > 0);
▲ Show 20 LinesShow All 188 Lines▼ Show 20 Linesvoid test_sigaltstack() {
DEFINE_AND_SAVE_ORIGINS(old_altstack) DEFINE_AND_SAVE_ORIGINS(old_altstack)
int ret = sigaltstack(NULL, &old_altstack); int ret = sigaltstack(NULL, &old_altstack);
assert(ret == 0); assert(ret == 0);
ASSERT_ZERO_LABEL(ret); ASSERT_ZERO_LABEL(ret);
ASSERT_READ_ZERO_LABEL(&old_altstack, sizeof(old_altstack)); ASSERT_READ_ZERO_LABEL(&old_altstack, sizeof(old_altstack));
ASSERT_SAVED_ORIGINS(old_altstack) ASSERT_SAVED_ORIGINS(old_altstack)
} }
#if !defined(ORIGIN_TRACKING)
void test_gettimeofday() { void test_gettimeofday() {
struct timeval tv; struct timeval tv;
struct timezone tz; struct timezone tz;
dfsan_set_label(i_label, &tv, sizeof(tv)); dfsan_set_label(i_label, &tv, sizeof(tv));
dfsan_set_label(j_label, &tz, sizeof(tz)); dfsan_set_label(j_label, &tz, sizeof(tz));
DEFINE_AND_SAVE_ORIGINS(tv)
DEFINE_AND_SAVE_ORIGINS(tz)
int ret = gettimeofday(&tv, &tz); int ret = gettimeofday(&tv, &tz);
assert(ret == 0); assert(ret == 0);
ASSERT_READ_ZERO_LABEL(&tv, sizeof(tv)); ASSERT_READ_ZERO_LABEL(&tv, sizeof(tv));
ASSERT_READ_ZERO_LABEL(&tz, sizeof(tz)); ASSERT_READ_ZERO_LABEL(&tz, sizeof(tz));
ASSERT_SAVED_ORIGINS(tv)
ASSERT_SAVED_ORIGINS(tz)
} }
#endif // !defined(ORIGIN_TRACKING)
void *pthread_create_test_cb(void *p) { void *pthread_create_test_cb(void *p) {
assert(p == (void *)1); assert(p == (void *)1);
ASSERT_ZERO_LABEL(p); ASSERT_ZERO_LABEL(p);
return (void *)2; return (void *)2;
} }
void test_pthread_create() { void test_pthread_create() {
▲ Show 20 LinesShow All 44 Lines▼ Show 20 Linesvoid test__dl_get_tls_static_info() {
dfsan_origin alignp_o = dfsan_get_origin(alignp); dfsan_origin alignp_o = dfsan_get_origin(alignp);
_dl_get_tls_static_info(&sizep, &alignp); _dl_get_tls_static_info(&sizep, &alignp);
ASSERT_ZERO_LABEL(sizep); ASSERT_ZERO_LABEL(sizep);
ASSERT_ZERO_LABEL(alignp); ASSERT_ZERO_LABEL(alignp);
ASSERT_ORIGIN(sizep, sizep_o); ASSERT_ORIGIN(sizep, sizep_o);
ASSERT_ORIGIN(alignp, alignp_o); ASSERT_ORIGIN(alignp, alignp_o);
} }
#if !defined(ORIGIN_TRACKING)
void test_strrchr() { void test_strrchr() {
char str1[] = "str1str1"; char str1[] = "str1str1";
char *p = str1;
dfsan_set_label(j_label, &p, sizeof(p));
char *rv = strrchr(p, 'r');
assert(rv == &str1[6]);
#ifdef STRICT_DATA_DEPENDENCIES
ASSERT_LABEL(rv, j_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, p);
#else
ASSERT_LABEL(rv, j_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, p);
#endif
gbalatsUnsubmitted
Done
ReplyInline Actions

The if and else block here are the same.

gbalats: The if and else block here are the same.
stephan.yichao.zhaoAuthorUnsubmitted
Done
ReplyInline Actions

removed one branch. Thank you.

stephan.yichao.zhao: removed one branch. Thank you.
char c = 'r';
dfsan_set_label(k_label, &c, sizeof(c));
rv = strrchr(str1, c);
assert(rv == &str1[6]);
#ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(rv);
#else
ASSERT_LABEL(rv, k_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, c);
#endif
dfsan_set_label(i_label, &str1[7], 1); dfsan_set_label(i_label, &str1[7], 1);
char *rv = strrchr(str1, 'r'); rv = strrchr(str1, 'r');
assert(rv == &str1[6]); assert(rv == &str1[6]);
#ifdef STRICT_DATA_DEPENDENCIES #ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(rv); ASSERT_ZERO_LABEL(rv);
#else #else
ASSERT_LABEL(rv, i_label); ASSERT_LABEL(rv, i_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, str1[7]);
#endif #endif
} }
void test_strstr() { void test_strstr() {
char str1[] = "str1str1"; char str1[] = "str1str1";
char *p1 = str1;
dfsan_set_label(k_label, &p1, sizeof(p1));
char *rv = strstr(p1, "1s");
assert(rv == &str1[3]);
#ifdef STRICT_DATA_DEPENDENCIES
ASSERT_LABEL(rv, k_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, p1);
#else
ASSERT_LABEL(rv, k_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, p1);
#endif
gbalatsUnsubmitted
Done
ReplyInline Actions

Same here.

gbalats: Same here.
char str2[] = "1s";
char *p2 = str2;
dfsan_set_label(m_label, &p2, sizeof(p2));
rv = strstr(str1, p2);
assert(rv == &str1[3]);
#ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(rv);
#else
ASSERT_LABEL(rv, m_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, p2);
#endif
dfsan_set_label(n_label, &str2[0], 1);
rv = strstr(str1, str2);
assert(rv == &str1[3]);
#ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(rv);
#else
ASSERT_LABEL(rv, n_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, str2[0]);
#endif
dfsan_set_label(i_label, &str1[3], 1); dfsan_set_label(i_label, &str1[3], 1);
dfsan_set_label(j_label, &str1[5], 1); dfsan_set_label(j_label, &str1[5], 1);
char *rv = strstr(str1, "1s"); rv = strstr(str1, "1s");
assert(rv == &str1[3]); assert(rv == &str1[3]);
#ifdef STRICT_DATA_DEPENDENCIES #ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(rv); ASSERT_ZERO_LABEL(rv);
#else #else
ASSERT_LABEL(rv, i_label); ASSERT_LABEL(rv, i_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, str1[3]);
#endif #endif
rv = strstr(str1, "2s"); rv = strstr(str1, "2s");
assert(rv == NULL); assert(rv == NULL);
#ifdef STRICT_DATA_DEPENDENCIES #ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(rv); ASSERT_ZERO_LABEL(rv);
#else #else
ASSERT_LABEL(rv, i_j_label); ASSERT_LABEL(rv, i_j_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, str1[3]);
#endif #endif
} }
#endif // !defined(ORIGIN_TRACKING)
void test_strpbrk() { void test_strpbrk() {
char s[] = "abcdefg"; char s[] = "abcdefg";
char accept[] = "123fd"; char accept[] = "123fd";
char *p_s = s; char *p_s = s;
char *p_accept = accept; char *p_accept = accept;
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Lines
#ifdef STRICT_DATA_DEPENDENCIES #ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(rv); ASSERT_ZERO_LABEL(rv);
#else #else
ASSERT_LABEL(rv, i_j_label); ASSERT_LABEL(rv, i_j_label);
ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, s[5]); ASSERT_INIT_ORIGIN_EQ_ORIGIN(&rv, s[5]);
#endif #endif
} }
#if !defined(ORIGIN_TRACKING)
void test_memchr() { void test_memchr() {
char str1[] = "str1"; char str1[] = "str1";
dfsan_set_label(i_label, &str1[3], 1); dfsan_set_label(i_label, &str1[3], 1);
dfsan_set_label(j_label, &str1[4], 1); dfsan_set_label(j_label, &str1[4], 1);
char *crv = (char *) memchr(str1, 'r', sizeof(str1)); char *crv = (char *) memchr(str1, 'r', sizeof(str1));
assert(crv == &str1[2]); assert(crv == &str1[2]);
ASSERT_ZERO_LABEL(crv); ASSERT_ZERO_LABEL(crv);
char c = 'r';
dfsan_set_label(k_label, &c, sizeof(c));
crv = (char *)memchr(str1, c, sizeof(str1));
assert(crv == &str1[2]);
#ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(crv);
#else
ASSERT_LABEL(crv, k_label);
ASSERT_EQ_ORIGIN(crv, c);
#endif
char *ptr = str1;
dfsan_set_label(k_label, &ptr, sizeof(ptr));
crv = (char *)memchr(ptr, 'r', sizeof(str1));
assert(crv == &str1[2]);
#ifdef STRICT_DATA_DEPENDENCIES
ASSERT_LABEL(crv, k_label);
ASSERT_EQ_ORIGIN(crv, ptr);
#else
gbalatsUnsubmitted
Done
ReplyInline Actions

Is this required?

gbalats: Is this required?
ASSERT_LABEL(crv, k_label);
ASSERT_EQ_ORIGIN(crv, ptr);
#endif
crv = (char *) memchr(str1, '1', sizeof(str1)); crv = (char *) memchr(str1, '1', sizeof(str1));
assert(crv == &str1[3]); assert(crv == &str1[3]);
#ifdef STRICT_DATA_DEPENDENCIES #ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(crv); ASSERT_ZERO_LABEL(crv);
#else #else
ASSERT_LABEL(crv, i_label); ASSERT_LABEL(crv, i_label);
ASSERT_EQ_ORIGIN(crv, str1[3]);
#endif #endif
crv = (char *) memchr(str1, 'x', sizeof(str1)); crv = (char *) memchr(str1, 'x', sizeof(str1));
assert(!crv); assert(!crv);
#ifdef STRICT_DATA_DEPENDENCIES #ifdef STRICT_DATA_DEPENDENCIES
ASSERT_ZERO_LABEL(crv); ASSERT_ZERO_LABEL(crv);
#else #else
ASSERT_LABEL(crv, i_j_label); ASSERT_LABEL(crv, i_j_label);
ASSERT_EQ_ORIGIN(crv, str1[3]);
#endif #endif
} }
void alarm_handler(int unused) { void alarm_handler(int unused) {
; ;
} }
void test_nanosleep() { void test_nanosleep() {
struct timespec req, rem; struct timespec req, rem;
req.tv_sec = 1; req.tv_sec = 1;
req.tv_nsec = 0; req.tv_nsec = 0;
dfsan_set_label(i_label, &rem, sizeof(rem)); dfsan_set_label(i_label, &rem, sizeof(rem));
DEFINE_AND_SAVE_ORIGINS(rem)
// non interrupted // non interrupted
int rv = nanosleep(&req, &rem); int rv = nanosleep(&req, &rem);
assert(rv == 0); assert(rv == 0);
ASSERT_ZERO_LABEL(rv); ASSERT_ZERO_LABEL(rv);
ASSERT_READ_LABEL(&rem, 1, i_label); ASSERT_READ_LABEL(&rem, 1, i_label);
ASSERT_SAVED_ORIGINS(rem)
// interrupted by an alarm // interrupted by an alarm
signal(SIGALRM, alarm_handler); signal(SIGALRM, alarm_handler);
req.tv_sec = 3; req.tv_sec = 3;
alarm(1); alarm(1);
rv = nanosleep(&req, &rem); rv = nanosleep(&req, &rem);
assert(rv == -1); assert(rv == -1);
ASSERT_ZERO_LABEL(rv); ASSERT_ZERO_LABEL(rv);
ASSERT_READ_ZERO_LABEL(&rem, sizeof(rem)); ASSERT_READ_ZERO_LABEL(&rem, sizeof(rem));
ASSERT_SAVED_ORIGINS(rem)
} }
void test_socketpair() { void test_socketpair() {
int fd[2]; int fd[2];
dfsan_origin fd_o[2];
dfsan_set_label(i_label, fd, sizeof(fd)); dfsan_set_label(i_label, fd, sizeof(fd));
fd_o[0] = dfsan_get_origin((long)(fd[0]));
fd_o[1] = dfsan_get_origin((long)(fd[1]));
int rv = socketpair(PF_LOCAL, SOCK_STREAM, 0, fd); int rv = socketpair(PF_LOCAL, SOCK_STREAM, 0, fd);
assert(rv == 0); assert(rv == 0);
ASSERT_ZERO_LABEL(rv); ASSERT_ZERO_LABEL(rv);
ASSERT_READ_ZERO_LABEL(fd, sizeof(fd)); ASSERT_READ_ZERO_LABEL(fd, sizeof(fd));
ASSERT_ORIGIN(fd[0], fd_o[0]);
ASSERT_ORIGIN(fd[1], fd_o[1]);
} }
void test_getpeername() { void test_getpeername() {
int sockfds[2]; int sockfds[2];
int ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sockfds); int ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, sockfds);
assert(ret != -1); assert(ret != -1);
struct sockaddr addr = {}; struct sockaddr addr = {};
socklen_t addrlen = sizeof(addr); socklen_t addrlen = sizeof(addr);
dfsan_set_label(i_label, &addr, addrlen); dfsan_set_label(i_label, &addr, addrlen);
dfsan_set_label(i_label, &addrlen, sizeof(addrlen)); dfsan_set_label(i_label, &addrlen, sizeof(addrlen));
DEFINE_AND_SAVE_ORIGINS(addr)
DEFINE_AND_SAVE_ORIGINS(addrlen)
ret = getpeername(sockfds[0], &addr, &addrlen); ret = getpeername(sockfds[0], &addr, &addrlen);
assert(ret != -1); assert(ret != -1);
ASSERT_ZERO_LABEL(ret); ASSERT_ZERO_LABEL(ret);
ASSERT_ZERO_LABEL(addrlen); ASSERT_ZERO_LABEL(addrlen);
assert(addrlen < sizeof(addr)); assert(addrlen < sizeof(addr));
ASSERT_READ_ZERO_LABEL(&addr, addrlen); ASSERT_READ_ZERO_LABEL(&addr, addrlen);
ASSERT_READ_LABEL(((char *)&addr) + addrlen, 1, i_label); ASSERT_READ_LABEL(((char *)&addr) + addrlen, 1, i_label);
ASSERT_SAVED_ORIGINS(addr)
ASSERT_SAVED_ORIGINS(addrlen)
close(sockfds[0]); close(sockfds[0]);
close(sockfds[1]); close(sockfds[1]);
} }
void test_getsockname() { void test_getsockname() {
int sockfd = socket(AF_UNIX, SOCK_DGRAM, 0); int sockfd = socket(AF_UNIX, SOCK_DGRAM, 0);
assert(sockfd != -1); assert(sockfd != -1);
struct sockaddr addr = {}; struct sockaddr addr = {};
socklen_t addrlen = sizeof(addr); socklen_t addrlen = sizeof(addr);
dfsan_set_label(i_label, &addr, addrlen); dfsan_set_label(i_label, &addr, addrlen);
dfsan_set_label(i_label, &addrlen, sizeof(addrlen)); dfsan_set_label(i_label, &addrlen, sizeof(addrlen));
DEFINE_AND_SAVE_ORIGINS(addr)
DEFINE_AND_SAVE_ORIGINS(addrlen)
int ret = getsockname(sockfd, &addr, &addrlen); int ret = getsockname(sockfd, &addr, &addrlen);
assert(ret != -1); assert(ret != -1);
ASSERT_ZERO_LABEL(ret); ASSERT_ZERO_LABEL(ret);
ASSERT_ZERO_LABEL(addrlen); ASSERT_ZERO_LABEL(addrlen);
assert(addrlen < sizeof(addr)); assert(addrlen < sizeof(addr));
ASSERT_READ_ZERO_LABEL(&addr, addrlen); ASSERT_READ_ZERO_LABEL(&addr, addrlen);
ASSERT_READ_LABEL(((char *)&addr) + addrlen, 1, i_label); ASSERT_READ_LABEL(((char *)&addr) + addrlen, 1, i_label);
ASSERT_SAVED_ORIGINS(addr)
ASSERT_SAVED_ORIGINS(addrlen)
close(sockfd); close(sockfd);
} }
void test_getsockopt() { void test_getsockopt() {
int sockfd = socket(AF_UNIX, SOCK_DGRAM, 0); int sockfd = socket(AF_UNIX, SOCK_DGRAM, 0);
assert(sockfd != -1); assert(sockfd != -1);
int optval[2] = {-1, -1}; int optval[2] = {-1, -1};
socklen_t optlen = sizeof(optval); socklen_t optlen = sizeof(optval);
dfsan_set_label(i_label, &optval, sizeof(optval)); dfsan_set_label(i_label, &optval, sizeof(optval));
dfsan_set_label(i_label, &optlen, sizeof(optlen)); dfsan_set_label(i_label, &optlen, sizeof(optlen));
DEFINE_AND_SAVE_ORIGINS(optval)
DEFINE_AND_SAVE_ORIGINS(optlen)
int ret = getsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, &optval, &optlen); int ret = getsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, &optval, &optlen);
assert(ret != -1); assert(ret != -1);
assert(optlen == sizeof(int)); assert(optlen == sizeof(int));
assert(optval[0] == 0); assert(optval[0] == 0);
assert(optval[1] == -1); assert(optval[1] == -1);
ASSERT_ZERO_LABEL(ret); ASSERT_ZERO_LABEL(ret);
ASSERT_ZERO_LABEL(optlen); ASSERT_ZERO_LABEL(optlen);
ASSERT_ZERO_LABEL(optval[0]); ASSERT_ZERO_LABEL(optval[0]);
ASSERT_LABEL(optval[1], i_label); ASSERT_LABEL(optval[1], i_label);
ASSERT_SAVED_ORIGINS(optval)
ASSERT_SAVED_ORIGINS(optlen)
close(sockfd); close(sockfd);
} }
#endif // !defined(ORIGIN_TRACKING)
void test_write() { void test_write() {
int fd = open("/dev/null", O_WRONLY); int fd = open("/dev/null", O_WRONLY);
char buf[] = "a string"; char buf[] = "a string";
int len = strlen(buf); int len = strlen(buf);
// The result of a write always unlabeled. // The result of a write always unlabeled.
int res = write(fd, buf, len); int res = write(fd, buf, len);
assert(res > 0); assert(res > 0);
ASSERT_ZERO_LABEL(res); ASSERT_ZERO_LABEL(res);
// Label all arguments to write(). // Label all arguments to write().
dfsan_set_label(i_label, &(buf[3]), 1); dfsan_set_label(i_label, &(buf[3]), 1);
dfsan_set_label(j_label, &fd, sizeof(fd)); dfsan_set_label(j_label, &fd, sizeof(fd));
dfsan_set_label(i_label, &len, sizeof(len)); dfsan_set_label(i_label, &len, sizeof(len));
// The value returned by write() should have no label. // The value returned by write() should have no label.
res = write(fd, buf, len); res = write(fd, buf, len);
ASSERT_ZERO_LABEL(res); ASSERT_ZERO_LABEL(res);
close(fd); close(fd);
} }
#if !defined(ORIGIN_TRACKING)
template <class T> template <class T>
void test_sprintf_chunk(const char* expected, const char* format, T arg) { void test_sprintf_chunk(const char* expected, const char* format, T arg) {
char buf[512]; char buf[512];
memset(buf, 'a', sizeof(buf)); memset(buf, 'a', sizeof(buf));
char padded_expected[512]; char padded_expected[512];
strcpy(padded_expected, "foo "); strcpy(padded_expected, "foo ");
strcat(padded_expected, expected); strcat(padded_expected, expected);
strcat(padded_expected, " bar"); strcat(padded_expected, " bar");
char padded_format[512]; char padded_format[512];
strcpy(padded_format, "foo "); strcpy(padded_format, "foo ");
strcat(padded_format, format); strcat(padded_format, format);
strcat(padded_format, " bar"); strcat(padded_format, " bar");
// Non labelled arg. // Non labelled arg.
assert(sprintf(buf, padded_format, arg) == strlen(padded_expected)); assert(sprintf(buf, padded_format, arg) == strlen(padded_expected));
assert(strcmp(buf, padded_expected) == 0); assert(strcmp(buf, padded_expected) == 0);
ASSERT_READ_LABEL(buf, strlen(padded_expected), 0); ASSERT_READ_LABEL(buf, strlen(padded_expected), 0);
memset(buf, 'a', sizeof(buf)); memset(buf, 'a', sizeof(buf));
// Labelled arg. // Labelled arg.
dfsan_set_label(i_label, &arg, sizeof(arg)); dfsan_set_label(i_label, &arg, sizeof(arg));
dfsan_origin a_o = dfsan_get_origin((long)(arg));
assert(sprintf(buf, padded_format, arg) == strlen(padded_expected)); assert(sprintf(buf, padded_format, arg) == strlen(padded_expected));
assert(strcmp(buf, padded_expected) == 0); assert(strcmp(buf, padded_expected) == 0);
ASSERT_READ_LABEL(buf, 4, 0); ASSERT_READ_LABEL(buf, 4, 0);
ASSERT_READ_LABEL(buf + 4, strlen(padded_expected) - 8, i_label); ASSERT_READ_LABEL(buf + 4, strlen(padded_expected) - 8, i_label);
ASSERT_INIT_ORIGINS(buf + 4, strlen(padded_expected) - 8, a_o);
ASSERT_READ_LABEL(buf + (strlen(padded_expected) - 4), 4, 0); ASSERT_READ_LABEL(buf + (strlen(padded_expected) - 4), 4, 0);
} }
void test_sprintf() { void test_sprintf() {
char buf[2048]; char buf[2048];
memset(buf, 'a', sizeof(buf)); memset(buf, 'a', sizeof(buf));
// Test formatting (no conversion specifier). // Test formatting (no conversion specifier).
assert(sprintf(buf, "Hello world!") == 12); assert(sprintf(buf, "Hello world!") == 12);
assert(strcmp(buf, "Hello world!") == 0); assert(strcmp(buf, "Hello world!") == 0);
ASSERT_READ_LABEL(buf, sizeof(buf), 0); ASSERT_READ_LABEL(buf, sizeof(buf), 0);
// Test for extra arguments. // Test for extra arguments.
assert(sprintf(buf, "Hello world!", 42, "hello") == 12); assert(sprintf(buf, "Hello world!", 42, "hello") == 12);
assert(strcmp(buf, "Hello world!") == 0); assert(strcmp(buf, "Hello world!") == 0);
ASSERT_READ_LABEL(buf, sizeof(buf), 0); ASSERT_READ_LABEL(buf, sizeof(buf), 0);
// Test formatting & label propagation (multiple conversion specifiers): %s, // Test formatting & label propagation (multiple conversion specifiers): %s,
// %d, %n, %f, and %%. // %d, %n, %f, and %%.
const char* s = "world"; const char* s = "world";
int m = 8; int m = 8;
int d = 27; int d = 27;
dfsan_set_label(k_label, (void *) (s + 1), 2); dfsan_set_label(k_label, (void *) (s + 1), 2);
dfsan_origin s_o = dfsan_get_origin((long)(s[1]));
dfsan_set_label(i_label, &m, sizeof(m)); dfsan_set_label(i_label, &m, sizeof(m));
dfsan_origin m_o = dfsan_get_origin((long)m);
dfsan_set_label(j_label, &d, sizeof(d)); dfsan_set_label(j_label, &d, sizeof(d));
dfsan_origin d_o = dfsan_get_origin((long)d);
int n; int n;
int r = sprintf(buf, "hello %s, %-d/%d/%d %f %% %n%d", s, 2014, m, d, int r = sprintf(buf, "hello %s, %-d/%d/%d %f %% %n%d", s, 2014, m, d,
12345.6781234, &n, 1000); 12345.6781234, &n, 1000);
assert(r == 42); assert(r == 42);
assert(strcmp(buf, "hello world, 2014/8/27 12345.678123 % 1000") == 0); assert(strcmp(buf, "hello world, 2014/8/27 12345.678123 % 1000") == 0);
ASSERT_READ_LABEL(buf, 7, 0); ASSERT_READ_LABEL(buf, 7, 0);
ASSERT_READ_LABEL(buf + 7, 2, k_label); ASSERT_READ_LABEL(buf + 7, 2, k_label);
ASSERT_INIT_ORIGINS(buf + 7, 2, s_o);
ASSERT_READ_LABEL(buf + 9, 9, 0); ASSERT_READ_LABEL(buf + 9, 9, 0);
ASSERT_READ_LABEL(buf + 18, 1, i_label); ASSERT_READ_LABEL(buf + 18, 1, i_label);
ASSERT_INIT_ORIGINS(buf + 18, 1, m_o);
ASSERT_READ_LABEL(buf + 19, 1, 0); ASSERT_READ_LABEL(buf + 19, 1, 0);
ASSERT_READ_LABEL(buf + 20, 2, j_label); ASSERT_READ_LABEL(buf + 20, 2, j_label);
ASSERT_INIT_ORIGINS(buf + 20, 2, d_o);
ASSERT_READ_LABEL(buf + 22, 15, 0); ASSERT_READ_LABEL(buf + 22, 15, 0);
ASSERT_LABEL(r, 0); ASSERT_LABEL(r, 0);
assert(n == 38); assert(n == 38);
// Test formatting & label propagation (single conversion specifier, with // Test formatting & label propagation (single conversion specifier, with
// additional length and precision modifiers). // additional length and precision modifiers).
test_sprintf_chunk("-559038737", "%d", 0xdeadbeef); test_sprintf_chunk("-559038737", "%d", 0xdeadbeef);
test_sprintf_chunk("3735928559", "%u", 0xdeadbeef); test_sprintf_chunk("3735928559", "%u", 0xdeadbeef);
Show All 33 Linesvoid test_snprintf() {
char buf[2048]; char buf[2048];
memset(buf, 'a', sizeof(buf)); memset(buf, 'a', sizeof(buf));
dfsan_set_label(0, buf, sizeof(buf)); dfsan_set_label(0, buf, sizeof(buf));
const char* s = "world"; const char* s = "world";
int y = 2014; int y = 2014;
int m = 8; int m = 8;
int d = 27; int d = 27;
dfsan_set_label(k_label, (void *) (s + 1), 2); dfsan_set_label(k_label, (void *) (s + 1), 2);
dfsan_origin s_o = dfsan_get_origin((long)(s[1]));
dfsan_set_label(i_label, &y, sizeof(y)); dfsan_set_label(i_label, &y, sizeof(y));
dfsan_origin y_o = dfsan_get_origin((long)y);
dfsan_set_label(j_label, &m, sizeof(m)); dfsan_set_label(j_label, &m, sizeof(m));
dfsan_origin m_o = dfsan_get_origin((long)m);
int r = snprintf(buf, 19, "hello %s, %-d/%d/%d %f", s, y, m, d, int r = snprintf(buf, 19, "hello %s, %-d/ %d/%d %f", s, y, m, d,
12345.6781234); 12345.6781234);
// The return value is the number of bytes that would have been written to // The return value is the number of bytes that would have been written to
// the final string if enough space had been available. // the final string if enough space had been available.
assert(r == 35); assert(r == 38);
assert(memcmp(buf, "hello world, 2014/", 19) == 0); assert(memcmp(buf, "hello world, 2014/", 19) == 0);
ASSERT_READ_LABEL(buf, 7, 0); ASSERT_READ_LABEL(buf, 7, 0);
ASSERT_READ_LABEL(buf + 7, 2, k_label); ASSERT_READ_LABEL(buf + 7, 2, k_label);
ASSERT_INIT_ORIGINS(buf + 7, 2, s_o);
ASSERT_READ_LABEL(buf + 9, 4, 0); ASSERT_READ_LABEL(buf + 9, 4, 0);
ASSERT_READ_LABEL(buf + 13, 4, i_label); ASSERT_READ_LABEL(buf + 13, 4, i_label);
ASSERT_INIT_ORIGINS(buf + 13, 4, y_o);
ASSERT_READ_LABEL(buf + 17, 2, 0); ASSERT_READ_LABEL(buf + 17, 2, 0);
ASSERT_LABEL(r, 0); ASSERT_LABEL(r, 0);
} }
#endif // !defined(ORIGIN_TRACKING)
// Tested by a seperate source file. This empty function is here to appease the // Tested by a seperate source file. This empty function is here to appease the
// check-wrappers script. // check-wrappers script.
void test_fork() {} void test_fork() {}
int main(void) { int main(void) {
#ifdef FAST_16_LABELS #ifdef FAST_16_LABELS
i_label = 1; i_label = 1;
Show All 28 Lines#if !defined(ORIGIN_TRACKING)
test_fgets(); test_fgets();
#endif // !defined(ORIGIN_TRACKING) #endif // !defined(ORIGIN_TRACKING)
test_fork(); test_fork();
test_fstat(); test_fstat();
#if !defined(ORIGIN_TRACKING) #if !defined(ORIGIN_TRACKING)
test_get_current_dir_name(); test_get_current_dir_name();
test_getcwd(); test_getcwd();
test_gethostname(); test_gethostname();
#endif // !defined(ORIGIN_TRACKING)
test_getpeername(); test_getpeername();
#if !defined(ORIGIN_TRACKING)
test_getpwuid_r(); test_getpwuid_r();
test_getrlimit(); test_getrlimit();
test_getrusage(); test_getrusage();
#endif // !defined(ORIGIN_TRACKING)
test_getsockname(); test_getsockname();
test_getsockopt(); test_getsockopt();
test_gettimeofday(); test_gettimeofday();
#if !defined(ORIGIN_TRACKING)
test_inet_pton(); test_inet_pton();
test_localtime_r(); test_localtime_r();
test_memchr();
#endif // !defined(ORIGIN_TRACKING) #endif // !defined(ORIGIN_TRACKING)
test_memchr();
test_memcmp(); test_memcmp();
test_memcpy(); test_memcpy();
test_memmove(); test_memmove();
test_memset(); test_memset();
#if !defined(ORIGIN_TRACKING)
test_nanosleep(); test_nanosleep();
#if !defined(ORIGIN_TRACKING)
test_poll(); test_poll();
#endif // !defined(ORIGIN_TRACKING) #endif // !defined(ORIGIN_TRACKING)
test_pread(); test_pread();
test_pthread_create(); test_pthread_create();
test_pthread_join(); test_pthread_join();
test_read(); test_read();
#if !defined(ORIGIN_TRACKING)
test_recvmmsg(); test_recvmmsg();
test_recvmsg(); test_recvmsg();
test_sched_getaffinity(); test_sched_getaffinity();
test_select(); test_select();
#endif // !defined(ORIGIN_TRACKING)
test_sigaction(); test_sigaction();
test_signal(); test_signal();
test_sigaltstack(); test_sigaltstack();
test_sigemptyset(); test_sigemptyset();
#if !defined(ORIGIN_TRACKING)
test_snprintf(); test_snprintf();
test_socketpair(); test_socketpair();
test_sprintf(); test_sprintf();
#endif // !defined(ORIGIN_TRACKING)
test_stat(); test_stat();
test_strcasecmp(); test_strcasecmp();
test_strchr(); test_strchr();
test_strcmp(); test_strcmp();
test_strcat(); test_strcat();
#if !defined(ORIGIN_TRACKING) #if !defined(ORIGIN_TRACKING)
test_strcpy(); test_strcpy();
#endif // !defined(ORIGIN_TRACKING) #endif // !defined(ORIGIN_TRACKING)
test_strdup(); test_strdup();
test_strlen(); test_strlen();
test_strncasecmp(); test_strncasecmp();
test_strncmp(); test_strncmp();
test_strncpy(); test_strncpy();
test_strpbrk(); test_strpbrk();
#if !defined(ORIGIN_TRACKING)
test_strrchr(); test_strrchr();
test_strstr(); test_strstr();
test_strtod(); test_strtod();
test_strtol(); test_strtol();
test_strtoll(); test_strtoll();
test_strtoul(); test_strtoul();
test_strtoull(); test_strtoull();
#if !defined(ORIGIN_TRACKING)
test_time(); test_time();
#endif // !defined(ORIGIN_TRACKING) #endif // !defined(ORIGIN_TRACKING)
test_write(); test_write();
} }