libexec: detect short files

author Ben Gras <ben@minix3.org>

Mon, 4 Feb 2013 00:49:48 +0000 (01:49 +0100)

committer Ben Gras <ben@minix3.org>

Mon, 4 Feb 2013 11:04:35 +0000 (12:04 +0100)
author Ben Gras <ben@minix3.org>
Mon, 4 Feb 2013 00:49:48 +0000 (01:49 +0100)
committer Ben Gras <ben@minix3.org>
Mon, 4 Feb 2013 11:04:35 +0000 (12:04 +0100)
diff --git a/kernel/arch/earm/protect.c b/kernel/arch/earm/protect.c

index c2afc447ed6bbaeceab4070741386cfd43634a16..7a6f759b2c4f924efa4c8f79612e174d5cad7846 100644 (file)
--- a/kernel/arch/earm/protect.c
+++ b/kernel/arch/earm/protect.c
@@ -131,7 +131,7 @@ void arch_boot_proc(struct boot_image *ip, struct proc *rp)
                 execi.stack_size = 32 * 1024;   /* not too crazy as it must be preallocated */
                 execi.proc_e = ip->endpoint;
                 execi.hdr = (char *) mod->mod_start; /* phys mem direct */
-               execi.hdr_len = mod->mod_end - mod->mod_start;
+               execi.filesize = execi.hdr_len = mod->mod_end - mod->mod_start;
                 strcpy(execi.progname, ip->proc_name);
                 execi.frame_len = 0;
  
diff --git a/kernel/arch/i386/protect.c b/kernel/arch/i386/protect.c

index a95397c481c1e1b936a8755d1a7c97db34f43451..7594e23613fd10dfeab9219604c7f7fa55f1ff9c 100644 (file)
--- a/kernel/arch/i386/protect.c
+++ b/kernel/arch/i386/protect.c
@@ -407,7 +407,7 @@ void arch_boot_proc(struct boot_image *ip, struct proc *rp)
                 execi.stack_size = 16 * 1024;   /* not too crazy as it must be preallocated */
                 execi.proc_e = ip->endpoint;
                 execi.hdr = (char *) mod->mod_start; /* phys mem direct */
-               execi.hdr_len = mod->mod_end - mod->mod_start;
+               execi.filesize = execi.hdr_len = mod->mod_end - mod->mod_start;
                 strlcpy(execi.progname, ip->proc_name, sizeof(execi.progname));
                 execi.frame_len = 0;
  
diff --git a/lib/libexec/exec_elf.c b/lib/libexec/exec_elf.c

index a2096f1de94e30e49237735611ac0d4a66632fe7..4645ec638532eff72fe40fa32390cee205ec4ffd 100644 (file)
--- a/lib/libexec/exec_elf.c
+++ b/lib/libexec/exec_elf.c
@@ -156,6 +156,15 @@ int libexec_load_elf(struct exec_info *execi)
         assert(execi->allocmem_prealloc);
         assert(execi->allocmem_ondemand);
  
+       for (i = 0; i < hdr->e_phnum; i++) {
+               Elf_Phdr *ph = &phdr[i];
+               off_t file_limit = ph->p_offset + ph->p_filesz;
+               /* sanity check binary before wiping out the target process */
+               if(execi->filesize < file_limit) {
+                       return ENOEXEC;
+               }
+       }
+
         if(execi->clearproc) execi->clearproc(execi);
  
         for (i = 0; i < hdr->e_phnum; i++) {
diff --git a/lib/libexec/libexec.h b/lib/libexec/libexec.h

index 69da9cb298bfe275bc8d2fc7729b67fd387dd63f..8b6db7618888fdc72584834684a842470b2dde6f 100644 (file)
--- a/lib/libexec/libexec.h
+++ b/lib/libexec/libexec.h
@@ -28,6 +28,7 @@ struct exec_info {
      int allow_setuid;                   /* Allow set{u,g}id execution? */
      vir_bytes stack_size;              /* Desired stack size */
      vir_bytes load_offset;             /* Desired load offset */
+    off_t filesize;                    /* How big is the file */
  
      /* Callback pointers for use by libexec */
      libexec_loadfunc_t copymem;                /* Copy callback */
diff --git a/servers/rs/exec.c b/servers/rs/exec.c

index 7dd908de1aebd7004f28a6bea9ba32b25e87bc8f..d0c950f67c004dd1b3dd59ce1c8d617abbbb6c40 100644 (file)
--- a/servers/rs/exec.c
+++ b/servers/rs/exec.c
@@ -124,7 +124,7 @@ static int do_exec(int proc_e, char *exec, size_t exec_len, char *progname,
         execi.stack_size = DEFAULT_STACK_LIMIT;
         execi.proc_e = proc_e;
         execi.hdr = exec;
-       execi.hdr_len = exec_len;
+       execi.filesize = execi.hdr_len = exec_len;
         strncpy(execi.progname, progname, PROC_NAME_LEN-1);
         execi.progname[PROC_NAME_LEN-1] = '\0';
         execi.frame_len = frame_len;
diff --git a/servers/vfs/exec.c b/servers/vfs/exec.c

index cf49447bf1716d24912a2d60c32d9cbe3f9546ab..b3f6f56ce0b154bef0e6f71d667a100ff79020c4 100644 (file)
--- a/servers/vfs/exec.c
+++ b/servers/vfs/exec.c
@@ -312,6 +312,7 @@ int pm_exec(endpoint_t proc_e, vir_bytes path, size_t path_len,
  
    execi.args.proc_e = proc_e;
    execi.args.frame_len = frame_len;
+  execi.args.filesize = execi.vp->v_size;
  
    for (i = 0; exec_loaders[i].load_object != NULL; i++) {
        r = (*exec_loaders[i].load_object)(&execi.args);
diff --git a/servers/vm/main.c b/servers/vm/main.c

index d40a0b62170e716533c358b9a682289b0a346a0e..f2b7c2f5f50cf0a856dfef4358a4806d3169dab1 100644 (file)
--- a/servers/vm/main.c
+++ b/servers/vm/main.c
@@ -276,6 +276,7 @@ void exec_bootproc(struct vmproc *vmp, struct boot_image *ip)
          strlcpy(execi->progname, ip->proc_name, sizeof(execi->progname));
          execi->frame_len = 0;
         execi->opaque = &vmexeci;
+       execi->filesize = ip->len;
  
         vmexeci.ip = ip;
         vmexeci.vmp = vmp;
diff --git a/test/test10.c b/test/test10.c

index 152b560bf47e8a4965824ca0b2b0e8f1afa5ff3a..040b0f33a9177221367724038b9bc235dbf25b62 100644 (file)
--- a/test/test10.c
+++ b/test/test10.c
@@ -77,7 +77,11 @@ int n;
    if ((pid = fork()) != 0) {
         wait(&n);               /* wait for some child (any one) */
    } else {
-       execl(name[n], name[n], (char *) 0);
+       /* a successful exec or a successful detection of a broken executable
+        * is ok
+        */
+       if(execl(name[n], name[n], (char *) 0) < 0 && errno == ENOEXEC)
+               exit(0);
         errct++;
         printf("Child execl didn't take. file=%s errno=%d\n", name[n], errno);
         rmfiles();
author	Ben Gras <ben@minix3.org>
	Mon, 4 Feb 2013 00:49:48 +0000 (01:49 +0100)
committer	Ben Gras <ben@minix3.org>
	Mon, 4 Feb 2013 11:04:35 +0000 (12:04 +0100)
kernel/arch/earm/protect.c		patch \| blob \| history
kernel/arch/i386/protect.c		patch \| blob \| history
lib/libexec/exec_elf.c		patch \| blob \| history
lib/libexec/libexec.h		patch \| blob \| history
servers/rs/exec.c		patch \| blob \| history
servers/vfs/exec.c		patch \| blob \| history
servers/vm/main.c		patch \| blob \| history
test/test10.c		patch \| blob \| history