From: <da...@us...> - 2003-04-12 21:01:31
Update of /cvsroot/cerber/cerb-ng/kcerb In directory sc8-pr-cvs1:/tmp/cvs-serv25640/kcerb Modified Files: Tag: RELEASE_1_0 cerb_action.c cerb_addons.c cerb_addons.h cerb_globals.h cerb_gregs.c cerb_macros.h cerb_main.c cerb_rules.c cerb_string.c Log Message: This commit fix bug with changing syscall arguments value. Reported by: Marcel Falkiewicz <fa...@da...> Obtained from: HEAD branch. Index: cerb_action.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_action.c,v retrieving revision 1.96.2.2 retrieving revision 1.96.2.3 diff -C2 -d -r1.96.2.2 -r1.96.2.3 *** cerb_action.c 8 Apr 2003 23:04:52 -0000 1.96.2.2 --- cerb_action.c 12 Apr 2003 21:00:12 -0000 1.96.2.3 *************** *** 122,136 **** { register struct scb_val *lastv, *vp; ! size_t size; ! u_int i, j, nv; int error; - union { - int *set_val; - char ***set_strp; - void **set_ptr; - } set_union; - #define set_val set_union.set_val - #define set_strp set_union.set_strp - #define set_ptr set_union.set_ptr if (nvals < 2) { --- 122,127 ---- { register struct scb_val *lastv, *vp; ! u_int i, nv; int error; if (nvals < 2) { *************** *** 148,168 **** if (vp->v_id == ECB_REG_I) { fcb_regfree(th, nv); ! th->thd_regs[nv].v_type = lastv->v_type; ! th->thd_regs[nv].v_size = lastv->v_size; ! set_val = &th->thd_regs[nv].v_val; ! } else if (vp->v_id == ECB_GREG_I) { fcb_gregs_set(th, lastv, nv); ! continue; ! } else if (vp->v_id == ECB_ARG_I) { error = fcb_checkdef(lastv->v_val, lastv->v_type, ! vp->v_type); if (error != 0) { #ifdef CB_DEBUG_OPERR ! MCB_DEBUG("Out of range [argno: %u].", i); #endif th->thd_errno = EINVAL; return; } ! set_val = &th->thd_uap[nv]; } else { MCB_ASSERT(0, "Invalid ID of argument %u: %s (should " --- 139,189 ---- if (vp->v_id == ECB_REG_I) { fcb_regfree(th, nv); ! fcb_argreg_set(th, &th->thd_regs[nv], lastv, ! CB_SYS_ZONE); ! } else if (vp->v_id == ECB_GREG_I) fcb_gregs_set(th, lastv, nv); ! 
else if (vp->v_id == ECB_ARG_I) { ! struct scb_val tmpv; ! u_int nargs, type; ! ! nargs = MCB_NARGS(th->thd_syscall); ! if (nv >= nargs) { ! if (nargs == 0) { ! MCB_XCONFERR(th, EINVAL, "Invalid " ! "number of argument for syscall " ! "%s: %u (no arguments avaliable).", ! syscallnames[th->thd_syscall], nv); ! } else { ! MCB_XCONFERR(th, EINVAL, "Invalid " ! "number of argument for syscall " ! "%s: %u (should be less than %u).", ! syscallnames[th->thd_syscall], nv, ! nargs); ! } ! } ! if (tcb_argtype[th->thd_syscall][0] == CB_EMPTY_T) { ! MCB_XCONFERR(th, EINVAL, "Can't operate on " ! "arguments for syscall %s.", ! syscallnames[th->thd_syscall]); ! } ! type = tcb_argtype[th->thd_syscall][nv]; ! if (type == CB_UNKNOWN_T || type >= CB_MAXTYPE_T) { ! MCB_XCONFERR(th, EINVAL, "Can't operate on argument's " ! "%u type %u for syscall %s.", nv, type, ! syscallnames[th->thd_syscall]); ! } ! error = fcb_checkdef(lastv->v_val, lastv->v_type, ! tcb_argtype[th->thd_syscall][nv]); if (error != 0) { #ifdef CB_DEBUG_OPERR ! MCB_DEBUG("Out of range or invalid type " ! "[argno: %u].", i); #endif th->thd_errno = EINVAL; return; } ! fcb_argreg_set(th, &tmpv, lastv, CB_USR_ZONE); ! 
th->thd_uap[nv] = tmpv.v_val; } else { MCB_ASSERT(0, "Invalid ID of argument %u: %s (should " *************** *** 171,293 **** tcb_idname[ECB_ARG_I]); } - - switch(lastv->v_type) { - case CB_DEF_T: - case CB_UDEF_T: - *set_val = lastv->v_val; - size = 0; - break; - case CB_STR_T: - size = lastv->v_size; - break; - case CB_DEFPTR_T: - size = lastv->v_size * sizeof(register_t); - break; - case CB_UDEFPTR_T: - size = lastv->v_size * sizeof(u_register_t); - break; - case CB_STRPTR_T: - if (vp->v_id == ECB_REG_I) { - if (lastv->v_strp == NULL) { - th->thd_errno = EFAULT; - *set_strp = NULL; - goto end_strptr; - } - *set_strp = fcb_malloc(__func__, - lastv->v_size * sizeof(char *)); - for (j = 0; j < lastv->v_size; ++j) { - if (lastv->v_strp[j] == NULL) { - (*set_strp)[j] = NULL; - continue; - } - size = strlen(lastv->v_strp[j]) + 1; - (*set_strp)[j] = fcb_malloc(__func__, - size); - memcpy((*set_strp)[j], lastv->v_strp[j], - size); - } - } else if (vp->v_id == ECB_ARG_I) { - if (lastv->v_strp == NULL) { - th->thd_errno = EFAULT; - *set_strp = NULL; - goto end_strptr; - } - *set_strp = fcb_usm_alloc(th, - lastv->v_size * sizeof(char *)); - for (j = 0; j < lastv->v_size; ++j) { - if (lastv->v_strp[j] == NULL) { - (*set_strp)[j] = NULL; - continue; - } - size = strlen(lastv->v_strp[j]) + 1; - (*set_strp)[j] = fcb_usm_alloc(th, - size); - memcpy((*set_strp)[j], lastv->v_strp[j], - size); - } - } else { - MCB_ASSERT(0, "Invalid ID of argument %u: %s " - "(should be %s or %s).", i, - tcb_idname[vp->v_id], tcb_idname[ECB_REG_I], - tcb_idname[ECB_ARG_I]); - } - end_strptr: - size = 0; - break; - case CB_ST_PRISON_T: - size = sizeof(struct prison); - break; - case CB_ST_SOCKADDR_IN_T: - size = sizeof(struct sockaddr_in); - break; - case CB_PTR_T: - size = lastv->v_size; - if (size == 0) { - MCB_XCONFERR(th, EFAULT, "Sizeof pointer value " - "isn't know [argno: %u].", i); - } - break; - default: - MCB_ASSERT(0, "Invalid type of last(%u) argument: %s.", - nvals - 1, 
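Review bot: In the new `ECB_ARG_I` branch of cerb_action.c, `struct scb_val tmpv;` is never initialized, yet `th->thd_uap[nv] = tmpv.v_val;` runs unconditionally after `fcb_argreg_set()`. The helper added to cerb_addons.c in this commit can jump to `end` without writing the destination's value field (the `CB_PTR_T` zero-size path and the `CB_STRPTR_T` NULL path), so indeterminate kernel stack contents could be stored as the syscall argument. Clearing it first with `bzero(&tmpv, sizeof(tmpv));` would make those failure paths store NULL, as the removed code did for a NULL source pointer. The new `nv >= nargs` check also protects the `tcb_argtype[th->thd_syscall][nv]` lookup only if `MCB_XCONFERR` leaves the function, which cannot be confirmed from this diff. The enclosing function starts and ends outside the hunk.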
tcb_typename[lastv->v_type]); - } - - if (size == 0) { - /* - * Only when everythings goes fine we're - * marking register as non-empty. - */ - if (v[i]->v_id == ECB_REG_I) - th->thd_regs[nv].v_id = ECB_CONST_I; - continue; - } - - if (vp->v_id == ECB_REG_I) { - if (lastv->v_ptr == NULL) { - th->thd_errno = EFAULT; - *set_ptr = NULL; - th->thd_regs[nv].v_id = ECB_CONST_I; - continue; - } - *set_ptr = fcb_malloc(__func__, size); - th->thd_regs[nv].v_id = ECB_CONST_I; - } else if (vp->v_id == ECB_ARG_I) { - if (lastv->v_ptr == NULL) { - th->thd_errno = EFAULT; - *set_ptr = NULL; - continue; - } - *set_ptr = fcb_usm_alloc(th, size); - } else { - MCB_ASSERT(0, "Invalid ID of argument %u: %s (should " - "be %s or %s).", i, tcb_idname[vp->v_id], - tcb_idname[ECB_REG_I], tcb_idname[ECB_ARG_I]); - } - memcpy(*set_ptr, lastv->v_ptr, size); } - - #undef set_val - #undef set_strp - #undef set_ptr } --- 192,196 ---- Index: cerb_addons.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_addons.c,v retrieving revision 1.20.2.1 retrieving revision 1.20.2.2 diff -C2 -d -r1.20.2.1 -r1.20.2.2 *** cerb_addons.c 20 Mar 2003 21:51:17 -0000 1.20.2.1 --- cerb_addons.c 12 Apr 2003 21:00:32 -0000 1.20.2.2 *************** *** 18,24 **** --- 18,26 ---- #include <sys/dirent.h> #include <sys/sysctl.h> + #include <sys/jail.h> #include "cerb_globals.h" #include "cerb_malloc.h" + #include "cerb_usmalloc.h" #include "cerb_rules.h" #include "cerb_macros.h" *************** *** 337,339 **** --- 339,455 ---- return (s); + } + + void + fcb_argreg_set(struct scb_thdata *th, struct scb_val *lv, struct scb_val *rv, + u_int zone) + { + register u_int i; + size_t size; + + switch(rv->v_type) { + case CB_DEF_T: + case CB_UDEF_T: + lv->v_val = rv->v_val; + lv->v_size = 0; + goto end; + case CB_STR_T: + lv->v_size = rv->v_size; + size = sizeof(char) * rv->v_size; + break; + case CB_DEFPTR_T: + lv->v_size = rv->v_size; + size = rv->v_size * 
sizeof(register_t); + break; + case CB_UDEFPTR_T: + lv->v_size = rv->v_size; + size = rv->v_size * sizeof(u_register_t); + break; + case CB_STRPTR_T: { + char **strp, **tmpstrp; + + strp = rv->v_strp; + if (strp == NULL) { + th->thd_errno = EFAULT; + rv->v_strp = NULL; + rv->v_size = 0; + goto end; + } + if (zone == CB_SYS_ZONE) { + tmpstrp = lv->v_strp = fcb_malloc(__func__, + rv->v_size * sizeof(char *)); + for (i = 0; i < rv->v_size; ++i) { + if (strp[i] == NULL) { + tmpstrp[i] = NULL; + continue; + } + size = strlen(strp[i]) + 1; + tmpstrp[i] = fcb_malloc(__func__, size); + memcpy(tmpstrp[i], strp[i], size); + } + } else if (zone == CB_USR_ZONE) { + tmpstrp = lv->v_strp = fcb_usm_alloc(th, + rv->v_size * sizeof(char *)); + for (i = 0; i < rv->v_size; ++i) { + if (strp[i] == NULL) { + tmpstrp[i] = NULL; + continue; + } + size = strlen(strp[i]) + 1; + tmpstrp[i] = fcb_usm_alloc(th, size); + memcpy(tmpstrp[i], strp[i], size); + } + } else { + MCB_ASSERT(0, "Invalid zone: %u here.", zone); + } + lv->v_size = rv->v_size; + goto end; + break; + } + case CB_ST_PRISON_T: + lv->v_size = sizeof(struct prison); + size = sizeof(struct prison); + break; + case CB_ST_SOCKADDR_IN_T: + lv->v_size = sizeof(struct sockaddr_in); + size = sizeof(struct sockaddr_in); + break; + case CB_PTR_T: + lv->v_size = rv->v_size; + size = rv->v_size; + if (lv->v_size == 0) { + th->thd_errno = EINVAL; + goto end; + } + break; + #ifdef CB_INVARIANTS + default: + MCB_ASSERT(0, "Invalid argument's type: %u here.", rv->v_type); + #endif + } + + if (rv->v_ptr == NULL) { + th->thd_errno = EFAULT; + lv->v_ptr = NULL; + goto end; + } + + if (zone == CB_SYS_ZONE) { + lv->v_ptr = fcb_malloc(__func__, size); + } else + #ifdef CB_INVARIANTS + if (zone == CB_USR_ZONE) + #endif + { + lv->v_ptr = fcb_usm_alloc(th, size); + #ifdef CB_INVARIANTS + } else { + MCB_ASSERT(0, "Invalid zone: %u here.", zone); + #endif + } + + memcpy(lv->v_ptr, rv->v_ptr, size); + end: + lv->v_id = ECB_CONST_I; + lv->v_type = 
rv->v_type; } Index: cerb_addons.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_addons.h,v retrieving revision 1.17 retrieving revision 1.17.2.1 diff -C2 -d -r1.17 -r1.17.2.1 *** cerb_addons.h 22 Feb 2003 17:24:28 -0000 1.17 --- cerb_addons.h 12 Apr 2003 21:00:35 -0000 1.17.2.1 *************** *** 14,17 **** --- 14,18 ---- #include <sys/proc.h> #include <sys/queue.h> + #include <sys/uio.h> *************** *** 49,52 **** --- 50,55 ---- char *fcb_ipv4str(u_int32_t ip); char *fcb_ipv6str(u_int8_t *ip); + void fcb_argreg_set(struct scb_thdata *th, struct scb_val *lv, + struct scb_val *rv, u_int zone); #endif /* _CERB_ADDONS_H_ */ Index: cerb_globals.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_globals.h,v retrieving revision 1.39.2.5 retrieving revision 1.39.2.6 diff -C2 -d -r1.39.2.5 -r1.39.2.6 *** cerb_globals.h 9 Apr 2003 15:09:52 -0000 1.39.2.5 --- cerb_globals.h 12 Apr 2003 21:00:42 -0000 1.39.2.6 *************** *** 53,56 **** --- 53,59 ---- #define CB_EMPTYSTR_G "[empty]" + #define CB_SYS_ZONE 0 + #define CB_USR_ZONE 1 + #endif /* _KERNEL || TESTS || !LISTER */ Index: cerb_gregs.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_gregs.c,v retrieving revision 1.8.2.1 retrieving revision 1.8.2.2 diff -C2 -d -r1.8.2.1 -r1.8.2.2 *** cerb_gregs.c 20 Mar 2003 21:51:19 -0000 1.8.2.1 --- cerb_gregs.c 12 Apr 2003 21:00:44 -0000 1.8.2.2 *************** *** 24,27 **** --- 24,28 ---- #include "cerb_thread.h" #include "cerb_lock.h" + #include "cerb_addons.h" #include "cerb_gregs.h" *************** *** 54,60 **** { struct scb_val *tmpv; - size_t size; - char **strp, **tmpstrp; - register u_int i; if (ngreg >= CB_NGREGS_G) { --- 55,58 ---- *************** *** 67,132 **** fcb_gregs_free(ngreg); - tmpv = &tcb_gregs[ngreg].gr_value; ! ! switch(val->v_type) { ! case CB_DEF_T: ! 
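Review bot: In the `CB_STRPTR_T` case of `fcb_argreg_set()`, the NULL-source branch writes `rv->v_strp = NULL; rv->v_size = 0;`, which modifies the source and leaves the destination untouched; the code this replaces in cerb_gregs.c cleared the destination (`tmpv->v_strp`, `tmpv->v_size`). That should read `lv->v_strp = NULL;` and `lv->v_size = 0;`. Separately, the `default:` case sits inside `#ifdef CB_INVARIANTS`, so in a build without it an unexpected `rv->v_type` falls out of the switch with `size` uninitialized and reaches the allocation and `memcpy(lv->v_ptr, rv->v_ptr, size)`; an unconditional default that sets `th->thd_errno = EINVAL` and jumps to `end` would close that. Neither allocator's return value is checked before it is written through, which is worth confirming against the contracts of `fcb_malloc` and `fcb_usm_alloc` (not shown here).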
case CB_UDEF_T: ! tmpv->v_val = val->v_val; ! tmpv->v_size = 0; ! goto end; ! case CB_STR_T: ! tmpv->v_size = val->v_size; ! break; ! case CB_DEFPTR_T: ! tmpv->v_size = val->v_size * sizeof(register_t); ! break; ! case CB_UDEFPTR_T: ! tmpv->v_size = val->v_size * sizeof(u_register_t); ! break; ! case CB_STRPTR_T: ! strp = val->v_strp; ! if (strp == NULL) { ! th->thd_errno = EFAULT; ! tmpv->v_strp = NULL; ! tmpv->v_size = 0; ! goto end; ! } ! tmpstrp = tmpv->v_strp = fcb_malloc(__func__, ! val->v_size * sizeof(char *)); ! for (i = 0; i < val->v_size; ++i) { ! if (strp[i] == NULL) { ! tmpstrp[i] = NULL; ! continue; ! } ! size = strlen(strp[i]) + 1; ! tmpstrp[i] = fcb_malloc(__func__, size); ! memcpy(tmpstrp[i], strp[i], size); ! } ! tmpv->v_size = val->v_size; ! goto end; ! break; ! case CB_ST_PRISON_T: ! tmpv->v_size = sizeof(struct prison); ! break; ! case CB_ST_SOCKADDR_IN_T: ! tmpv->v_size = sizeof(struct sockaddr_in); ! break; ! case CB_PTR_T: ! tmpv->v_size = val->v_size; ! if (tmpv->v_size == 0) { ! th->thd_errno = EINVAL; ! goto end; ! } ! break; ! default: ! MCB_ASSERT(0, "Invalid argument's type: %u here.", val->v_type); ! } ! ! tmpv->v_ptr = fcb_malloc(__func__, tmpv->v_size); ! memcpy(tmpv->v_ptr, val->v_ptr, tmpv->v_size); ! end: ! tmpv->v_id = ECB_CONST_I; ! tmpv->v_type = val->v_type; th->thd_grlock = -1; --- 65,70 ---- fcb_gregs_free(ngreg); tmpv = &tcb_gregs[ngreg].gr_value; ! fcb_argreg_set(th, tmpv, val, CB_SYS_ZONE); th->thd_grlock = -1; *************** *** 203,211 **** for (i = 0; i < CB_NGREGS_G; ++i) { if (tcb_gregs[i].gr_rproc == p) { ! MCB_DEBUG("Gregs: %s exited.\n", p->p_comm); tcb_gregs[i].gr_rproc = NULL; } if (tcb_gregs[i].gr_wproc == p) { ! MCB_DEBUG("Gregs: %s exited.\n", p->p_comm); tcb_gregs[i].gr_wproc = NULL; } --- 141,149 ---- for (i = 0; i < CB_NGREGS_G; ++i) { if (tcb_gregs[i].gr_rproc == p) { ! MCB_DEBUG("Gregs: %s exited.", p->p_comm); tcb_gregs[i].gr_rproc = NULL; } if (tcb_gregs[i].gr_wproc == p) { ! 
MCB_DEBUG("Gregs: %s exited.", p->p_comm); tcb_gregs[i].gr_wproc = NULL; } Index: cerb_macros.h =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_macros.h,v retrieving revision 1.30 retrieving revision 1.30.2.1 diff -C2 -d -r1.30 -r1.30.2.1 *** cerb_macros.h 16 Mar 2003 15:52:21 -0000 1.30 --- cerb_macros.h 12 Apr 2003 21:00:45 -0000 1.30.2.1 *************** *** 54,57 **** --- 54,62 ---- /* + * This macro returns number of arguments for specified syscall. + */ + #define MCB_NARGS(syscall) (sysent[(syscall)].sy_narg & SYF_ARGMASK) + + /* * This macro returns number of actual syscall. */ Index: cerb_main.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_main.c,v retrieving revision 1.29.2.3 retrieving revision 1.29.2.4 diff -C2 -d -r1.29.2.3 -r1.29.2.4 *** cerb_main.c 8 Apr 2003 16:32:30 -0000 1.29.2.3 --- cerb_main.c 12 Apr 2003 21:00:48 -0000 1.29.2.4 *************** *** 41,49 **** for (j = 0; tcb_argtype[i][j] != CB_EMPTY_T; ++j) ; ! if (j == (sysent[i].sy_narg & SYF_ARGMASK)) continue; printf("CerbNG: ERROR: Desynch with number of arguments " "for syscall %s (%u != %u), better unload cerb.\n", ! syscallnames[i], sysent[i].sy_narg & SYF_ARGMASK, j); return; } --- 41,49 ---- for (j = 0; tcb_argtype[i][j] != CB_EMPTY_T; ++j) ; ! if (j == MCB_NARGS(i)) continue; printf("CerbNG: ERROR: Desynch with number of arguments " "for syscall %s (%u != %u), better unload cerb.\n", ! syscallnames[i], MCB_NARGS(i), j); return; } Index: cerb_rules.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_rules.c,v retrieving revision 1.57.2.2 retrieving revision 1.57.2.3 diff -C2 -d -r1.57.2.2 -r1.57.2.3 *** cerb_rules.c 9 Apr 2003 15:09:52 -0000 1.57.2.2 --- cerb_rules.c 12 Apr 2003 21:00:50 -0000 1.57.2.3 *************** *** 133,137 **** u_int narg; ! 
narg = (sysent[th->thd_syscall].sy_narg & SYF_ARGMASK); if (narg == 0) { MCB_XCONFERR(th, EINVAL, "Invalid number of argument " --- 133,137 ---- u_int narg; ! narg = MCB_NARGS(th->thd_syscall); if (narg == 0) { MCB_XCONFERR(th, EINVAL, "Invalid number of argument " *************** *** 465,468 **** --- 465,469 ---- * can't be an empty register. */ + /* XXX: ERROR!!!! */ if (rule->r_nfun == CB_SET_O && (rule->r_args[larg].v_id == ECB_REG_I || *************** *** 472,475 **** --- 473,477 ---- MCB_XCONFERR(th, EINVAL, "Last register is empty."); } + /* ERROR!!!! :XXX */ for (i = 0; i <= larg; ++i) { arg = &rule->r_args[i]; *************** *** 483,488 **** arg->v_id != ECB_ARG_I) { MCB_XCONFERR(th, EINVAL, "Invalid " ! "argument %u ID: %u.", i, ! arg->v_id); } vals[i] = arg; --- 485,490 ---- arg->v_id != ECB_ARG_I) { MCB_XCONFERR(th, EINVAL, "Invalid " ! "argument %u ID: %s.", i, ! tcb_idname[arg->v_id]); } vals[i] = arg; Index: cerb_string.c =================================================================== RCS file: /cvsroot/cerber/cerb-ng/kcerb/cerb_string.c,v retrieving revision 1.24.2.2 retrieving revision 1.24.2.3 diff -C2 -d -r1.24.2.2 -r1.24.2.3 *** cerb_string.c 9 Apr 2003 15:09:54 -0000 1.24.2.2 --- cerb_string.c 12 Apr 2003 21:00:53 -0000 1.24.2.3 *************** *** 687,691 **** size -= pos; ! nargs = (sysent[th->thd_syscall].sy_narg & SYF_ARGMASK); vals = fcb_malloc(__func__, sizeof(struct scb_val *) * nargs); --- 687,691 ---- size -= pos; ! nargs = MCB_NARGS(th->thd_syscall); vals = fcb_malloc(__func__, sizeof(struct scb_val *) * nargs); |