Revamp lib/roken/getauxval.c

Nicolas Williams
2017-04-17 16:43:22 -05:00
committed by Viktor Dukhovni
parent c7f54ae85a
commit 650ffdc964
8 changed files with 453 additions and 10 deletions


@@ -42,6 +42,7 @@ AC_HAVE_TYPE([ssize_t],[#include <unistd.h>])
AC_REQUIRE([AC_TYPE_PID_T]) AC_REQUIRE([AC_TYPE_PID_T])
AC_REQUIRE([AC_TYPE_UID_T]) AC_REQUIRE([AC_TYPE_UID_T])
AC_HAVE_TYPE([long long]) AC_HAVE_TYPE([long long])
AC_HAVE_TYPE([auxv_t],[#include <auxv.h>])
AC_REQUIRE([rk_RETSIGTYPE]) AC_REQUIRE([rk_RETSIGTYPE])
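Review bot: The new type probe looks for `auxv_t` in `<auxv.h>`, but getauxval.c and getauxval.h in this commit include `<sys/auxv.h>` (under HAVE_SYS_AUXV_H). If a platform declares the type only in `<sys/auxv.h>`, HAVE_AUXV_T stays undefined, and getauxval.h's own `typedef struct rk_auxv { ... } auxv_t;` would then clash with the system definition. Probing the header that is actually included, `AC_HAVE_TYPE([auxv_t],[#include <sys/auxv.h>])`, keeps the two in step. This is inferred from the header names on the page, not from a build.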


@@ -93,6 +93,8 @@ libroken_la_SOURCES = \
get_default_username.c \ get_default_username.c \
get_window_size.c \ get_window_size.c \
getarg.c \ getarg.c \
getauxval.c \
getauxval.h \
getnameinfo_verified.c \ getnameinfo_verified.c \
getprogname.c \ getprogname.c \
getxxyyy.c \ getxxyyy.c \


@@ -55,6 +55,7 @@ libroken_la_OBJS = \
$(OBJ)\ewrite.obj \ $(OBJ)\ewrite.obj \
$(OBJ)\flock.obj \ $(OBJ)\flock.obj \
$(OBJ)\fnmatch.obj \ $(OBJ)\fnmatch.obj \
$(OBJ)\getauxval.obj \
$(OBJ)\getaddrinfo_hostspec.obj \ $(OBJ)\getaddrinfo_hostspec.obj \
$(OBJ)\get_default_username.obj \ $(OBJ)\get_default_username.obj \
$(OBJ)\get_window_size.obj \ $(OBJ)\get_window_size.obj \

254
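--- /dev/null
+++ b/lib/roken/getauxval.c
@@ -0,0 +1,254 @@
+/*
+* Copyright (c) 2016 - 2017 Kungliga Tekniska Högskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#include <config.h>
+#ifdef HAVE_SYS_AUXV_H
+#include <sys/auxv.h>
+#endif
+#if defined(ENABLE_PTHREAD_SUPPORT) && defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+#endif
+#include <errno.h>
+#include "roken.h"
+#include "getauxval.h"
+int rk_injected_auxv = 0; /* shared with issuid() for testing */
+static int has_proc_auxv = 1;
+static int proc_auxv_ret = 0;
+#if defined(ENABLE_PTHREAD_SUPPORT) && defined(HAVE_PTHREAD_H)
+pthread_once_t readprocauxv_once = PTHREAD_ONCE_INIT;
+#endif
+/*
+* There's no standard maximum.
+*
+* At the time of this writing we observe some 20 or so auxv entries.
+* If eventually that grows much larger then rk_getprocaux*() will see a
+* truncated auxv.
+*/
+#define MAX_AUXV_COUNT 128
+static auxv_t auxv[MAX_AUXV_COUNT];
+static void
+do_readprocauxv(void)
+{
+char *p = (void *)auxv;
+ssize_t bytes;
+size_t sz = sizeof(auxv) - sizeof(auxv[0]); /* leave terminator */
+int save_errno = errno;
+int fd;
+errno = 0;
+memset(auxv, 0, sizeof(auxv)); /* terminates our copy */
+if ((fd = open("/proc/self/auxv", O_RDONLY)) == -1) {
+if (errno == ENOENT)
+has_proc_auxv = 0;
+goto out;
+}
+do {
+if ((bytes = read(fd, p, sz)) > 0) {
+sz -= bytes;
+p += bytes;
+}
+} while (sz && ((bytes == -1 && errno == EINTR) || bytes > 0));
+out:
+proc_auxv_ret = errno;
+if (fd != -1)
+(void) close(fd);
+if (sz == 0 && bytes > 0)
+warnx("/proc/self/auxv has more entries than expected");
+errno = save_errno;
+return;
+}
+static int
+readprocauxv(void)
+{
+#if defined(ENABLE_PTHREAD_SUPPORT) && defined(HAVE_PTHREAD_H)
+pthread_once(&readprocauxv_once, do_readprocauxv);
+#else
+do_readprocauxv();
+#endif
+return proc_auxv_ret;
+}
+/**
+* Looks up an auxv entry in /proc/self/auxv. Preserves errno.
+*
+* @return a pointer to an auxv_t if found, else NULL.
+*/
+ROKEN_LIB_FUNCTION const auxv_t * ROKEN_LIB_CALL
+rk_getauxv(unsigned long type)
+{
+auxv_t *a;
+if (!has_proc_auxv || type > INT_MAX)
+return NULL;
+if (readprocauxv() != 0)
+return NULL;
+for (a = auxv; a - auxv < MAX_AUXV_COUNT; a++) {
+if ((int)a->a_type == (int)type)
+return a;
+if (a->a_type == 0 && a->a_un.a_val == 0)
+break;
+}
+return NULL;
+}
+static unsigned long
+rk_getprocauxval(unsigned long type)
+{
+const auxv_t *a = rk_getauxv(type);
+if (a == NULL) {
+errno = ENOENT;
+return 0;
+}
+return a->a_un.a_val;
+}
+/**
+* Like the nearly-standard getauxval(). If the auxval is not found
+* returns zero and always sets errno to ENOENT. Otherwise if auxval is
+* found it leaves errno as it was, even if the value is zero.
+*
+* @return The value of the ELF auxiliary value for the given type, or
+* zero and sets errno to ENOENT.
+*/
+ROKEN_LIB_FUNCTION unsigned long ROKEN_LIB_CALL
+rk_getauxval(unsigned long type)
+{
+#ifdef HAVE_GETAUXVAL
+#ifdef GETAUXVAL_SETS_ERRNO
+if (rk_injected_auxv)
+return rk_getprocauxval(type);
+return getauxval(type);
+#else
+unsigned long ret;
+unsigned long ret2;
+static int getauxval_sets_errno = -1;
+int save_errno = errno;
+if (rk_injected_auxv)
+return rk_getprocauxval(type);
+errno = 0;
+ret = getauxval(type);
+if (ret != 0 || errno == ENOENT || getauxval_sets_errno == 1) {
+if (ret != 0)
+errno = save_errno;
+else if (getauxval_sets_errno > 0 && errno == 0)
+errno = save_errno;
+return ret;
+}
+if (getauxval_sets_errno == 0) {
+errno = save_errno;
+if ((a = rk_getauxv(type)) == NULL) {
+errno = ENOENT;
+return 0;
+}
+return a->a_un.a_val;
+}
+/*
+* We've called getauxval() and it returned 0, but we don't know if
+* getauxval() sets errno = ENOENT when entries are not found.
+*
+* Attempt to detect whether getauxval() sets errno = ENOENT by
+* calling it with what should be a bogus type.
+*/
+errno = 0;
+ret2 = getauxval(~type);
+if (ret2 == 0 && errno == ENOENT) {
+getauxval_sets_errno = 1;
+errno = save_errno;
+return ret;
+}
+getauxval_sets_errno = 0;
+errno = save_errno;
+#endif
+#else
+const auxv_t *a;
+if ((a = rk_getauxv(type)) == NULL) {
+errno = ENOENT;
+return 0;
+}
+return a->a_un.a_val;
+#endif
+}
+/**
+* *Internal* function for testing by injecting or overwriting an ELF
+* auxiliary vector entry.
+*
+* @return zero on success or ENOSPC if there are too many ELF auxiliary
+* entries.
+*/
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_injectauxv(auxv_t *e)
+{
+size_t i;
+int ret;
+/*
+* This function is racy, but as an internal function never meant to
+* be called in a threaded program, we don't care.
+*/
+if ((ret = readprocauxv()) != 0)
+return ret;
+rk_injected_auxv = 1;
+for (i = 0; i < MAX_AUXV_COUNT - 1 && auxv[i].a_type != 0; i++) {
+/* e->a_type == 0 -> truncate auxv, delete all entries */
+if (auxv[i].a_type == e->a_type || e->a_type == 0)
+break;
+}
+if (i == MAX_AUXV_COUNT - 1)
+return ENOSPC;
+auxv[i] = e[0];
+return 0;
+}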
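Review bot: In rk_getauxval(), the branch built when HAVE_GETAUXVAL is defined but GETAUXVAL_SETS_ERRNO is not has two defects. It uses `a` in `if ((a = rk_getauxv(type)) == NULL)` although `a` is declared only in the no-getauxval() branch, and after `getauxval_sets_errno = 0; errno = save_errno;` control reaches the closing brace with no return, so the first lookup on such a glibc yields an indeterminate value. Since rk_injected_auxv is described as shared with issuid(), a lookup such as AT_SECURE should not be able to come back as garbage; both spots can reuse the static helper with `return rk_getprocauxval(type);`. Separately, do_readprocauxv() stores `errno` into proc_auxv_ret after the loop, so a read() that was interrupted once and then succeeded leaves EINTR recorded, and under pthread_once every later rk_getauxv() returns NULL. Recording an error only when the final `bytes == -1`, or resetting `errno = 0;` before each retry, would avoid that.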

157
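--- /dev/null
+++ b/lib/roken/getauxval.h
@@ -0,0 +1,157 @@
+/*
+* Copyright (c) 2016 - 2017 Kungliga Tekniska Högskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+#ifndef RK_GETAUXVAL_H
+#define RK_GETAUXVAL_H
+#include <config.h>
+#ifdef HAVE_SYS_AUXV_H
+#include <sys/auxv.h>
+#endif
+#ifndef HAVE_AUXV_T
+/*
+* Illumos defines auxv_t per the ABI standards, but all other OSes seem
+* to use { long; long; } instead, depends on sizeof(long) ==
+* sizeof(void *), and they do not define an auxv_t.
+*
+* sizeof(long) != sizeof(void *) on WIN64, but Windows doesn't have
+* /proc/self/auxv anyways. Just in case we use uintptr_t.
+*/
+typedef struct rk_auxv {
+uintptr_t a_type;
+union {
+uintptr_t a_val;
+uintptr_t a_ptr; /* This would be void * */
+uintptr_t a_fnc; /* This would be void (*)(void) */
+} a_un;
+} auxv_t;
+#endif
+#ifdef __linux__
+/*
+* Older glibcs have no <sys/auxv.h>, but do nonetheless have an ELF
+* auxiliary vector, and with the values for these types that appear in
+* <sys/auxv.h> in later versions.
+*
+* Note that Travis-CI still uses Ubuntu 14 for its Linux build
+* environment, which has such an older glibc version.
+*/
+#ifndef AT_UID
+#define AT_UID 11
+#endif
+#ifndef AT_EUID
+#define AT_EUID 12
+#endif
+#ifndef AT_GID
+#define AT_GID 13
+#endif
+#ifndef AT_EGID
+#define AT_EGID 14
+#endif
+#ifndef AT_SECURE
+#define AT_SECURE 23
+#endif
+#endif
+/* NetBSD calls AT_UID AT_RUID. Everyone else calls it AT_UID. */
+#if defined(AT_EUID) && defined(AT_RUID) && !defined(AT_UID)
+#define AT_UID AT_RUID
+#endif
+#if defined(AT_EGID) && defined(AT_RGID) && !defined(AT_GID)
+#define AT_GID AT_RGID
+#endif
+#if defined(AT_EUID) && defined(AT_UID) && !defined(AT_RUID)
+#define AT_RUID AT_UID
+#endif
+#if defined(AT_EGID) && defined(AT_GID) && !defined(AT_RGID)
+#define AT_RGID AT_GID
+#endif
+/*
+* There are three different names for the type whose value is the path
+* to the executable being run by the process.
+*/
+#if defined(AT_EXECFN) && !defined(AT_EXECPATH)
+#define AT_EXECPATH AT_EXECFN
+#endif
+#if defined(AT_EXECFN) && !defined(AT_SUN_EXECNAME)
+#define AT_SUN_EXECNAME AT_EXECFN
+#endif
+#if defined(AT_EXECPATH) && !defined(AT_EXECFN)
+#define AT_EXECFN AT_EXECPATH
+#endif
+#if defined(AT_EXECPATH) && !defined(AT_SUN_EXECNAME)
+#define AT_SUN_EXECNAME AT_EXECPATH
+#endif
+#if defined(AT_SUN_EXECNAME) && !defined(AT_EXECFN)
+#define AT_EXECFN AT_SUN_EXECNAME
+#endif
+#if defined(AT_SUN_EXECNAME) && !defined(AT_EXECPATH)
+#define AT_EXECPATH AT_SUN_EXECNAME
+#endif
+/* We need this for part of the getauxval() brokenness detection below */
+#ifdef __GLIBC__
+#ifdef __GLIBC_PREREQ
+#define HAVE_GLIBC_API_VERSION_SUPPORT(maj, min) __GLIBC_PREREQ(maj, min)
+#else
+#define HAVE_GLIBC_API_VERSION_SUPPORT(maj, min) \
+((__GLIBC << 16) + GLIBC_MINOR >= ((maj) << 16) + (min))
+#endif
+/*
+* Detect whether getauxval() is broken.
+*
+* Do change this check in order to manually test rk_getauxval() for
+* older glibcs.
+*/
+#if HAVE_GLIBC_API_VERSION_SUPPORT(2, 19)
+#define GETAUXVAL_SETS_ERRNO
+/* #else it's broken */
+#endif
+#endif
+ROKEN_LIB_FUNCTION const auxv_t * ROKEN_LIB_CALL
+rk_getauxv(unsigned long type);
+ROKEN_LIB_FUNCTION unsigned long ROKEN_LIB_CALL
+rk_getauxval(unsigned long);
+ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
+rk_injectauxv(auxv_t *e);
+#endif /* RK_GETAUXVAL_H */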
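Review bot: The fallback definition of HAVE_GLIBC_API_VERSION_SUPPORT, used when `__GLIBC_PREREQ` is absent, tests `__GLIBC` and `GLIBC_MINOR`, which are not the macros glibc defines (`__GLIBC__`, `__GLIBC_MINOR__`). Undefined identifiers evaluate to 0 in `#if`, so the version check is silently false and GETAUXVAL_SETS_ERRNO is never defined on that path, whatever the glibc version. The expression should read `((__GLIBC__ << 16) + __GLIBC_MINOR__ >= ((maj) << 16) + (min))`. As far as the visible includes show, the header also relies on its includer for `uintptr_t` and ROKEN_LIB_FUNCTION; a comment such as `/* include roken.h before this header */` would state that dependency.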


@@ -827,9 +827,6 @@ ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
net_read (rk_socket_t, void *, size_t); net_read (rk_socket_t, void *, size_t);
ROKEN_LIB_FUNCTION unsigned long ROKEN_LIB_CALL
rk_getprocauxval(unsigned long);
ROKEN_LIB_FUNCTION unsigned long ROKEN_LIB_CALL ROKEN_LIB_FUNCTION unsigned long ROKEN_LIB_CALL
rk_getauxval(unsigned long); rk_getauxval(unsigned long);


@@ -41,19 +41,49 @@
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include "roken.h" #include "roken.h"
#include "getauxval.h"
static
unsigned long
getprocauxval(unsigned long type)
{
const auxv_t *e;
if ((e = rk_getauxv(type)) == NULL) {
errno = ENOENT;
return 0;
}
return e->a_un.a_val;
}
int int
main() main(int argc, char **argv, char **env)
{ {
unsigned long max_t = 0; unsigned long max_t = 0;
unsigned long a[2]; unsigned long a[2];
unsigned long v; unsigned long v;
ssize_t bytes; ssize_t bytes;
int am_suid = issuid();
int fd; int fd;
(void) argc;
(void) argv;
if (getuid() == geteuid() && getgid() == getegid()) {
if (issuid())
errx(1, "issuid() false positive? Check AT_SECURE?");
} else {
if (!issuid())
errx(1, "issuid() did not detect set-uid-ness!");
}
if ((fd = open("/proc/self/auxv", O_RDONLY)) == -1) if ((fd = open("/proc/self/auxv", O_RDONLY)) == -1)
return 0; return 0;
/*
* Check that for every ELF auxv entry in /proc/self/auxv we
* find the correct answer from the rk_get*auxval() functions.
*/
do { do {
bytes = read(fd, a, sizeof(a)); bytes = read(fd, a, sizeof(a));
if (bytes != sizeof(a)) { if (bytes != sizeof(a)) {
@@ -82,11 +112,11 @@ main()
if (errno != EACCES) if (errno != EACCES)
errx(1, "rk_getauxval(%lu) did not preserve errno", a[0]); errx(1, "rk_getauxval(%lu) did not preserve errno", a[0]);
if ((v = rk_getprocauxval(a[0])) != a[1]) if ((v = getprocauxval(a[0])) != a[1])
errx(1, "rk_getauxval(%lu) should have been %lu, was %lu", errx(1, "rk_getauxval(%lu) should have been %lu, was %lu",
a[0], a[1], v); a[0], a[1], v);
if (errno != EACCES) if (errno != EACCES)
errx(1, "rk_getprocauxval(%lu) did not preserve errno", a[0]); errx(1, "rk_getauxv(%lu) did not preserve errno", a[0]);
printf("auxv type %lu -> %lu\n", a[0], a[1]); printf("auxv type %lu -> %lu\n", a[0], a[1]);
} while (a[0] != 0 || a[1] != 0); } while (a[0] != 0 || a[1] != 0);
@@ -108,11 +138,11 @@ main()
"errno = ENOENT!", max_t); "errno = ENOENT!", max_t);
errno = EACCES; errno = EACCES;
if ((v = rk_getprocauxval(max_t + 1)) != 0) if ((v = getprocauxval(max_t + 1)) != 0)
errx(1, "rk_getprocauxval((max_type_seen = %lu) + 1) should have been " errx(1, "rk_getauxv((max_type_seen = %lu) + 1) should have been "
"0, was %lu", max_t, v); "0, was %lu", max_t, v);
if (errno != ENOENT) if (errno != ENOENT)
errx(1, "rk_getprocauxval((max_type_seen = %lu) + 1) did not set " errx(1, "rk_getauxv((max_type_seen = %lu) + 1) did not set "
"errno = ENOENT!", max_t); "errno = ENOENT!", max_t);
return 0; return 0;
} }
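Review bot: The value-mismatch message after `getprocauxval(a[0])` still reads `rk_getauxval(%lu) should have been ...`, while the neighbouring messages were renamed to rk_getauxv, so a failure there names the wrong function. It should be `"rk_getauxv(%lu) should have been %lu, was %lu"`. In the visible part of main(), `am_suid` is assigned from issuid() but the checks below call issuid() again, and `env` is neither used nor cast to void like argc and argv; use `am_suid` in the two tests or drop it. The uid/gid comparison treats any non-zero issuid() as a false positive, which may misfire where AT_SECURE is set for reasons other than set-uid or set-gid, as the error text itself hints. main() spans several hunks, and the lines between them are not shown.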


@@ -68,12 +68,12 @@ HEIMDAL_ROKEN_1.0 {
rk_freeifaddrs; rk_freeifaddrs;
rk_gai_strerror; rk_gai_strerror;
rk_getaddrinfo; rk_getaddrinfo;
rk_getauxv;
rk_getauxval; rk_getauxval;
rk_getifaddrs; rk_getifaddrs;
rk_getipnodebyaddr; rk_getipnodebyaddr;
rk_getipnodebyname; rk_getipnodebyname;
rk_getnameinfo; rk_getnameinfo;
rk_getprocauxval;
rk_getprogname; rk_getprogname;
rk_glob; rk_glob;
rk_globfree; rk_globfree;
@@ -82,6 +82,7 @@ HEIMDAL_ROKEN_1.0 {
rk_hostent_find_fqdn; rk_hostent_find_fqdn;
rk_inet_ntop; rk_inet_ntop;
rk_inet_pton; rk_inet_pton;
rk_injectauxv;
rk_localtime_r; rk_localtime_r;
rk_memset_s; rk_memset_s;
rk_mkdir; rk_mkdir;
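Review bot: `rk_injectauxv` is added to the exported HEIMDAL_ROKEN_1.0 set although getauxval.c documents it as an internal function for testing. Its effect is to overwrite the auxv copy that rk_getauxval() consults, and the comment on rk_injected_auxv says issuid() consults it too. Exporting it makes a test hook part of the library's public symbol set. If the test program can be linked against the object file instead, leave the symbol out of the version script; otherwise mark it here, for example `/* test-only; not a supported interface */`. The first hunk of this section also drops `rk_getprocauxval` from the export list, which existing binaries linked against that symbol would notice.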