get*ent: be consistant about _ALIGN(p) - p
Add an nscache-specific inline function to calculate the misalignment, rather than adding and subtracting _ALIGN(p) and p, which can take the buffer far out of bounds (undefined behavior in C and unsupported on CHERI). Reviewed by: kib Effort: CHERI upstreaming Obtained from: CheriBSD Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D53945
@@ -347,16 +347,16 @@ grp_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
|
||||
memcpy(&p, buffer + sizeof(struct group), sizeof(char *));
|
||||
|
||||
if (orig_buf_size + sizeof(struct group) + sizeof(char *) +
|
||||
_ALIGN(p) - (size_t)p < buffer_size) {
|
||||
__nss_buf_misalignment(p) < buffer_size) {
|
||||
*ret_errno = ERANGE;
|
||||
return (NS_RETURN);
|
||||
}
|
||||
|
||||
orig_buf = (char *)_ALIGN(orig_buf);
|
||||
memcpy(orig_buf, buffer + sizeof(struct group) + sizeof(char *) +
|
||||
_ALIGN(p) - (size_t)p,
|
||||
__nss_buf_misalignment(p),
|
||||
buffer_size - sizeof(struct group) - sizeof(char *) -
|
||||
_ALIGN(p) + (size_t)p);
|
||||
__nss_buf_misalignment(p));
|
||||
p = (char *)_ALIGN(p);
|
||||
|
||||
NS_APPLY_OFFSET(grp->gr_name, orig_buf, p, char *);
|
||||
|
||||
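Review bot: The ERANGE check before the copy measures the destination as `orig_buf_size` from the unaligned start of `orig_buf`, but the `memcpy` writes at `(char *)_ALIGN(orig_buf)`, so the padding consumed by aligning the destination is never subtracted. If the caller's buffer is not already aligned and `orig_buf_size` has not been adjusted earlier in the function (not visible here), a record that only just fits could be written up to the alignment padding past the end of the caller's buffer. The new helper can cover this as well: `size_t pad = __nss_buf_misalignment(orig_buf);` and reject when `orig_buf_size < pad || orig_buf_size - pad + sizeof(struct group) + sizeof(char *) + __nss_buf_misalignment(p) < buffer_size`. The host, net, proto, serv and rpc unmarshal hunks align `orig_buf` the same way, but their size checks lie outside the hunks, so each needs confirming. grp_unmarshal_func begins and ends outside this hunk.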
@@ -29,6 +29,8 @@
|
||||
#ifndef __NS_CACHE_H__
|
||||
#define __NS_CACHE_H__
|
||||
|
||||
#include <sys/_align.h>
|
||||
|
||||
#include "nscachedcli.h"
|
||||
|
||||
typedef int (*nss_cache_id_func_t)(char *, size_t *, va_list, void *);
|
||||
@@ -178,6 +180,12 @@ typedef struct _nss_cache_data {
|
||||
} nss_cache_data;
|
||||
|
||||
__BEGIN_DECLS
|
||||
static inline __ptrdiff_t
|
||||
__nss_buf_misalignment(const void *p)
|
||||
{
|
||||
return ((char *)_ALIGN(p) - (char *)p);
|
||||
}
|
||||
|
||||
/* dummy function, which is needed to make nss_method_lookup happy */
|
||||
extern int __nss_cache_handler(void *, void *, va_list);
|
||||
|
||||
|
||||
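Review bot: `__nss_buf_misalignment()` is added without a comment stating its contract, yet every caller in this commit mixes its signed `__ptrdiff_t` result into `size_t` arithmetic that sizes a `memcpy`. I would document it above the definition, e.g. `/* Padding bytes needed to round p up to _ALIGN(); never negative and at most _ALIGNBYTES. p may hold an address read from a marshalled buffer and is never dereferenced. */`, assuming the usual round-up definition of `_ALIGN`. The body also drops the `const` qualifier of its parameter; `return ((const char *)_ALIGN(p) - (const char *)p);` keeps it and should compute the same value.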
@@ -402,9 +402,9 @@ host_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
|
||||
|
||||
orig_buf = (char *)_ALIGN(orig_buf);
|
||||
memcpy(orig_buf, buffer + sizeof(struct hostent) + sizeof(char *) +
|
||||
_ALIGN(p) - (size_t)p,
|
||||
__nss_buf_misalignment(p),
|
||||
buffer_size - sizeof(struct hostent) - sizeof(char *) -
|
||||
_ALIGN(p) + (size_t)p);
|
||||
__nss_buf_misalignment(p));
|
||||
p = (char *)_ALIGN(p);
|
||||
|
||||
NS_APPLY_OFFSET(ht->h_name, orig_buf, p, char *);
|
||||
|
||||
@@ -249,9 +249,9 @@ net_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
|
||||
|
||||
orig_buf = (char *)_ALIGN(orig_buf);
|
||||
memcpy(orig_buf, buffer + sizeof(struct netent) + sizeof(char *) +
|
||||
_ALIGN(p) - (size_t)p,
|
||||
__nss_buf_misalignment(p),
|
||||
buffer_size - sizeof(struct netent) - sizeof(char *) -
|
||||
_ALIGN(p) + (size_t)p);
|
||||
__nss_buf_misalignment(p));
|
||||
p = (char *)_ALIGN(p);
|
||||
|
||||
NS_APPLY_OFFSET(ne->n_name, orig_buf, p, char *);
|
||||
|
||||
@@ -265,9 +265,9 @@ __proto_unmarshal_func(char *buffer, size_t buffer_size, void *retval,
|
||||
|
||||
orig_buf = (char *)_ALIGN(orig_buf);
|
||||
memcpy(orig_buf, buffer + sizeof(struct protoent) + sizeof(char *) +
|
||||
_ALIGN(p) - (size_t)p,
|
||||
__nss_buf_misalignment(p),
|
||||
buffer_size - sizeof(struct protoent) - sizeof(char *) -
|
||||
_ALIGN(p) + (size_t)p);
|
||||
__nss_buf_misalignment(p));
|
||||
p = (char *)_ALIGN(p);
|
||||
|
||||
NS_APPLY_OFFSET(proto->p_name, orig_buf, p, char *);
|
||||
|
||||
@@ -1084,9 +1084,9 @@ serv_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
|
||||
|
||||
orig_buf = (char *)_ALIGN(orig_buf);
|
||||
memcpy(orig_buf, buffer + sizeof(struct servent) + sizeof(char *) +
|
||||
(_ALIGN(p) - (size_t)p),
|
||||
__nss_buf_misalignment(p),
|
||||
buffer_size - sizeof(struct servent) - sizeof(char *) -
|
||||
(_ALIGN(p) - (size_t)p));
|
||||
__nss_buf_misalignment(p));
|
||||
p = (char *)_ALIGN(p);
|
||||
|
||||
NS_APPLY_OFFSET(serv->s_name, orig_buf, p, char *);
|
||||
|
||||
@@ -778,9 +778,9 @@ rpc_unmarshal_func(char *buffer, size_t buffer_size, void *retval, va_list ap,
|
||||
|
||||
orig_buf = (char *)_ALIGN(orig_buf);
|
||||
memcpy(orig_buf, buffer + sizeof(struct rpcent) + sizeof(char *) +
|
||||
_ALIGN(p) - (size_t)p,
|
||||
__nss_buf_misalignment(p),
|
||||
buffer_size - sizeof(struct rpcent) - sizeof(char *) -
|
||||
_ALIGN(p) + (size_t)p);
|
||||
__nss_buf_misalignment(p));
|
||||
p = (char *)_ALIGN(p);
|
||||
|
||||
NS_APPLY_OFFSET(rpc->r_name, orig_buf, p, char *);
|
||||
|
||||