strace/io.c

410 lines
9.2 KiB
C
Raw Normal View History

1999-02-19 00:21:36 +00:00
/*
* Copyright (c) 1991, 1992 Paul Kranenburg <pk@cs.few.eur.nl>
* Copyright (c) 1993 Branko Lankester <branko@hacktic.nl>
* Copyright (c) 1993, 1994, 1995, 1996 Rick Sladkey <jrs@world.std.com>
1999-12-23 14:20:14 +00:00
* Copyright (c) 1996-1999 Wichert Akkerman <wichert@cistron.nl>
1999-02-19 00:21:36 +00:00
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* $Id$
*/
#include "defs.h"
#include <fcntl.h>
#if HAVE_SYS_UIO_H
1999-02-19 00:21:36 +00:00
#include <sys/uio.h>
#endif
1999-02-19 00:21:36 +00:00
#ifdef HAVE_LONG_LONG_OFF_T
/*
* Hacks for systems that have a long long off_t
*/
#define sys_pread64 sys_pread
#define sys_pwrite64 sys_pwrite
#endif
1999-02-19 00:21:36 +00:00
int
sys_read(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
} else {
if (syserror(tcp))
tprintf("%#lx", tcp->u_arg[1]);
else
printstr(tcp, tcp->u_arg[1], tcp->u_rval);
tprintf(", %lu", tcp->u_arg[2]);
}
return 0;
}
int
sys_write(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
printstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
tprintf(", %lu", tcp->u_arg[2]);
}
return 0;
}
#if HAVE_SYS_UIO_H
2000-09-01 21:03:06 +00:00
void
tprint_iov(tcp, len, addr)
struct tcb * tcp;
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
unsigned long len;
unsigned long addr;
2000-09-01 21:03:06 +00:00
{
#if defined(LINUX) && SUPPORTED_PERSONALITIES > 1
union {
struct { u_int32_t base; u_int32_t len; } iov32;
struct { u_int64_t base; u_int64_t len; } iov64;
} iov;
#define sizeof_iov \
(personality_wordsize[current_personality] == 4 \
? sizeof(iov.iov32) : sizeof(iov.iov64))
#define iov_iov_base \
(personality_wordsize[current_personality] == 4 \
? (u_int64_t) iov.iov32.base : iov.iov64.base)
#define iov_iov_len \
(personality_wordsize[current_personality] == 4 \
? (u_int64_t) iov.iov32.len : iov.iov64.len)
#else
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
struct iovec iov;
#define sizeof_iov sizeof(iov)
#define iov_iov_base iov.iov_base
#define iov_iov_len iov.iov_len
#endif
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
unsigned long size, cur, end, abbrev_end;
int failed = 0;
2000-09-01 21:03:06 +00:00
if (!len) {
tprintf("[]");
return;
}
size = len * sizeof_iov;
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
end = addr + size;
if (!verbose(tcp) || size / sizeof_iov != len || end < addr) {
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
tprintf("%#lx", addr);
2000-09-01 21:03:06 +00:00
return;
}
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
if (abbrev(tcp)) {
abbrev_end = addr + max_strlen * sizeof_iov;
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
if (abbrev_end < addr)
abbrev_end = end;
2000-09-01 21:03:06 +00:00
} else {
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
abbrev_end = end;
}
tprintf("[");
for (cur = addr; cur < end; cur += sizeof_iov) {
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
if (cur > addr)
tprintf(", ");
if (cur >= abbrev_end) {
tprintf("...");
break;
}
if (umoven(tcp, cur, sizeof_iov, (char *) &iov) < 0) {
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
tprintf("?");
failed = 1;
break;
2000-09-01 21:03:06 +00:00
}
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
tprintf("{");
printstr(tcp, (long) iov_iov_base, iov_iov_len);
tprintf(", %lu}", (unsigned long)iov_iov_len);
2000-09-01 21:03:06 +00:00
}
2005-05-31 Dmitry V. Levin <ldv@altlinux.org> Deal with memory management issues. * defs.h (tprint_iov): Update prototype. * desc.c (sys_epoll_wait) [HAVE_SYS_EPOLL_H]: Do not allocate epoll_event array of arbitrary size on the stack, to avoid stack overflow. * file.c (print_xattr_val): Check for integer overflow during malloc size calculation, to avoid heap corruption. * io.c (tprint_iov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change iovec array handling to avoid heap memory allocation. * mem.c (get_nodes) [LINUX]: Check for integer overflow during size calculation and do not allocate array of arbitrary size on the stack, to avoid stack overflow. * net.c (printcmsghdr) [HAVE_SENDMSG]: Do not allocate array of arbitrary size on the stack, to avoid stack overflow. Do not trust cmsg.cmsg_len to avoid read beyond the end of allocated object. (printmsghdr) [HAVE_SENDMSG]: Update tprint_iov() usage. * process.c (sys_setgroups): Check for integer overflow during malloc size calculation, to avoid heap corruption. Change gid_t array handling to avoid heap memory allocation. (sys_getgroups): Likewise. (sys_setgroups32) [LINUX]: Likewise. (sys_getgroups32) [LINUX]: Likewise. * stream.c (sys_poll) [HAVE_SYS_POLL_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Change pollfd array handling to avoid heap memory allocation. * system.c (sys_sysctl) [LINUX]: Check for integer overflow during malloc size calculation, to avoid heap corruption. * util.c (dumpiov) [HAVE_SYS_UIO_H]: Check for integer overflow during malloc size calculation, to avoid heap corruption. Fixes RH#159196.
2005-06-01 19:22:06 +00:00
tprintf("]");
if (failed)
tprintf(" %#lx", addr);
#undef sizeof_iov
#undef iov_iov_base
#undef iov_iov_len
2000-09-01 21:03:06 +00:00
}
1999-02-19 00:21:36 +00:00
int
sys_readv(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
} else {
if (syserror(tcp)) {
tprintf("%#lx, %lu",
tcp->u_arg[1], tcp->u_arg[2]);
return 0;
}
2000-09-01 21:03:06 +00:00
tprint_iov(tcp, tcp->u_arg[2], tcp->u_arg[1]);
1999-02-19 00:21:36 +00:00
tprintf(", %lu", tcp->u_arg[2]);
}
return 0;
}
int
sys_writev(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
2000-09-01 21:03:06 +00:00
tprint_iov(tcp, tcp->u_arg[2], tcp->u_arg[1]);
1999-02-19 00:21:36 +00:00
tprintf(", %lu", tcp->u_arg[2]);
}
return 0;
}
#endif
1999-02-19 00:21:36 +00:00
2001-03-07 13:21:24 +00:00
#if defined(SVR4)
1999-02-19 00:21:36 +00:00
int
sys_pread(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
} else {
if (syserror(tcp))
tprintf("%#lx", tcp->u_arg[1]);
else
printstr(tcp, tcp->u_arg[1], tcp->u_rval);
#if UNIXWARE
/* off_t is signed int */
tprintf(", %lu, %ld", tcp->u_arg[2], tcp->u_arg[3]);
#else
1999-02-19 00:21:36 +00:00
tprintf(", %lu, %llu", tcp->u_arg[2],
LONG_LONG(tcp->u_arg[3], tcp->u_arg[4]));
#endif
1999-02-19 00:21:36 +00:00
}
return 0;
}
int
sys_pwrite(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
printstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
#if UNIXWARE
/* off_t is signed int */
tprintf(", %lu, %ld", tcp->u_arg[2], tcp->u_arg[3]);
#else
1999-02-19 00:21:36 +00:00
tprintf(", %lu, %llu", tcp->u_arg[2],
LONG_LONG(tcp->u_arg[3], tcp->u_arg[4]));
2000-09-01 21:03:06 +00:00
#endif
}
return 0;
}
2001-03-07 13:21:24 +00:00
#endif /* SVR4 */
2000-09-01 21:03:06 +00:00
#ifdef FREEBSD
#include <sys/types.h>
#include <sys/socket.h>
int
sys_sendfile(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, %ld, %llu, %lu", tcp->u_arg[0], tcp->u_arg[1],
LONG_LONG(tcp->u_arg[2], tcp->u_arg[3]),
tcp->u_arg[4]);
2000-09-01 21:03:06 +00:00
} else {
off_t offset;
if (!tcp->u_arg[5])
tprintf(", NULL");
else {
struct sf_hdtr hdtr;
if (umove(tcp, tcp->u_arg[5], &hdtr) < 0)
tprintf(", %#lx", tcp->u_arg[5]);
else {
tprintf(", { ");
tprint_iov(tcp, hdtr.hdr_cnt, hdtr.headers);
tprintf(", %u, ", hdtr.hdr_cnt);
tprint_iov(tcp, hdtr.trl_cnt, hdtr.trailers);
tprintf(", %u }", hdtr.hdr_cnt);
}
}
if (!tcp->u_arg[6])
tprintf(", NULL");
else if (umove(tcp, tcp->u_arg[6], &offset) < 0)
tprintf(", %#lx", tcp->u_arg[6]);
else
tprintf(", [%llu]", offset);
tprintf(", %lu", tcp->u_arg[7]);
1999-02-19 00:21:36 +00:00
}
return 0;
}
2000-09-01 21:03:06 +00:00
#endif /* FREEBSD */
1999-02-19 00:21:36 +00:00
#ifdef LINUX
/* The SH4 ABI does allow long longs in odd-numbered registers, but
does not allow them to be split between registers and memory - and
there are only four argument registers for normal functions. As a
result pread takes an extra padding argument before the offset. This
was changed late in the 2.4 series (around 2.4.20). */
#if defined(SH)
#define PREAD_OFFSET_ARG 4
#else
#define PREAD_OFFSET_ARG 3
#endif
1999-02-19 00:21:36 +00:00
int
sys_pread(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
} else {
if (syserror(tcp))
tprintf("%#lx", tcp->u_arg[1]);
else
printstr(tcp, tcp->u_arg[1], tcp->u_rval);
ALIGN64 (tcp, PREAD_OFFSET_ARG); /* PowerPC alignment restriction */
tprintf(", %lu, %llu", tcp->u_arg[2],
*(unsigned long long *)&tcp->u_arg[PREAD_OFFSET_ARG]);
1999-02-19 00:21:36 +00:00
}
return 0;
}
int
sys_pwrite(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
printstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
ALIGN64 (tcp, PREAD_OFFSET_ARG); /* PowerPC alignment restriction */
tprintf(", %lu, %llu", tcp->u_arg[2],
*(unsigned long long *)&tcp->u_arg[PREAD_OFFSET_ARG]);
}
return 0;
}
int
sys_sendfile(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
off_t offset;
tprintf("%ld, %ld, ", tcp->u_arg[0], tcp->u_arg[1]);
if (!tcp->u_arg[2])
tprintf("NULL");
else if (umove(tcp, tcp->u_arg[2], &offset) < 0)
tprintf("%#lx", tcp->u_arg[2]);
else
tprintf("[%lu]", offset);
tprintf(", %lu", tcp->u_arg[3]);
1999-02-19 00:21:36 +00:00
}
return 0;
}
int
sys_sendfile64(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
loff_t offset;
tprintf("%ld, %ld, ", tcp->u_arg[0], tcp->u_arg[1]);
if (!tcp->u_arg[2])
tprintf("NULL");
else if (umove(tcp, tcp->u_arg[2], &offset) < 0)
tprintf("%#lx", tcp->u_arg[2]);
else
tprintf("[%llu]", (unsigned long long int) offset);
tprintf(", %lu", tcp->u_arg[3]);
}
return 0;
}
1999-02-19 00:21:36 +00:00
#endif /* LINUX */
#if _LFS64_LARGEFILE || HAVE_LONG_LONG_OFF_T
2001-03-06 15:08:09 +00:00
int
sys_pread64(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
} else {
2001-03-07 13:21:24 +00:00
ALIGN64 (tcp, 3);
2001-03-06 15:08:09 +00:00
if (syserror(tcp))
tprintf("%#lx", tcp->u_arg[1]);
else
printstr(tcp, tcp->u_arg[1], tcp->u_rval);
2001-03-07 13:21:24 +00:00
tprintf(", %lu, %#llx", tcp->u_arg[2],
LONG_LONG(tcp->u_arg[3], tcp->u_arg[4]));
2001-03-06 15:08:09 +00:00
}
return 0;
}
int
sys_pwrite64(tcp)
struct tcb *tcp;
{
if (entering(tcp)) {
2001-03-07 13:21:24 +00:00
ALIGN64 (tcp, 3);
2001-03-06 15:08:09 +00:00
tprintf("%ld, ", tcp->u_arg[0]);
printstr(tcp, tcp->u_arg[1], tcp->u_arg[2]);
2001-03-07 13:21:24 +00:00
tprintf(", %lu, %#llx", tcp->u_arg[2],
LONG_LONG(tcp->u_arg[3], tcp->u_arg[4]));
2001-03-06 15:08:09 +00:00
}
return 0;
}
#endif
1999-02-19 00:21:36 +00:00
int
sys_ioctl(tcp)
struct tcb *tcp;
{
const struct ioctlent *iop;
1999-02-19 00:21:36 +00:00
if (entering(tcp)) {
tprintf("%ld, ", tcp->u_arg[0]);
iop = ioctl_lookup(tcp->u_arg[1]);
if (iop) {
tprintf("%s", iop->symbol);
while ((iop = ioctl_next_match(iop)))
tprintf(" or %s", iop->symbol);
} else
1999-02-19 00:21:36 +00:00
tprintf("%#lx", tcp->u_arg[1]);
ioctl_decode(tcp, tcp->u_arg[1], tcp->u_arg[2]);
}
else {
2002-05-23 11:48:58 +00:00
int ret;
if (!(ret = ioctl_decode(tcp, tcp->u_arg[1], tcp->u_arg[2])))
1999-02-19 00:21:36 +00:00
tprintf(", %#lx", tcp->u_arg[2]);
2002-05-23 11:48:58 +00:00
else
return ret - 1;
1999-02-19 00:21:36 +00:00
}
return 0;
}