From 463d666cc53a2f9d2df0f68310d6575ccae42bfe Mon Sep 17 00:00:00 2001
From: Josh Stone
Date: Thu, 4 Feb 2010 17:44:59 -0800
Subject: Revert "PR11234: Ensure __get_argv doesn't overflow"

This reverts commit f75409719f120a3dbee66d761cf23a64092d1414.
---
 tapset/aux_syscalls.stp | 26 +++++++++++--------------
 1 file changed, 11 insertions(+), 15 deletions(-)

(limited to 'tapset')

diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp
index 2d0ba210..bab0f640 100644
--- a/tapset/aux_syscalls.stp
+++ b/tapset/aux_syscalls.stp
@@ -401,20 +401,20 @@ function __sem_flags:string(semflg:long)
 /* This function copies an argv from userspace. */
 function __get_argv:string(a:long, first:long)
 %{ /* pure */
-	char __user *__user *argv = (char __user *__user *)(long)THIS->a;
+	char __user *__user *argv = (char __user *__user *)(long)THIS->a;
 	char __user *vstr;
 	int space, rc, len = MAXSTRINGLEN;
 	char *str = THIS->__retvalue;
 	char buf[80];
 	char *ptr = buf;
-
+
 	if (THIS->first && argv)
 		argv++;
-	while (argv != NULL && len) {
+	while (argv != NULL) {
 		if (__stp_get_user (vstr, argv))
-			break;
+			break;
 		if (vstr == NULL)
 			break;
@@ -443,8 +443,8 @@ function __get_argv:string(a:long, first:long)
 			*str++='\"';
 			len--;
 		}
-
-		rc = min(len, (int) strlcpy (str, buf, len));
+
+		rc = strlcpy (str, buf, len);
 		str += rc;
 		len -= rc;
@@ -455,15 +455,13 @@ function __get_argv:string(a:long, first:long)
 		argv++;
 	}
-	if (!len)
-		--str;
 	*str = 0;
 %}
 /* This function copies an argv from userspace. */
 function __get_compat_argv:string(a:long, first:long)
 %{ /* pure */
 #ifdef CONFIG_COMPAT
-	compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a;
+	compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a;
 	compat_uptr_t __user *vstr;
 	int space, rc, len = MAXSTRINGLEN;
 	char *str = THIS->__retvalue;
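Review bot: The restored `rc = strlcpy (str, buf, len);` in the second hunk takes strlcpy's return value, which is the length of `buf` rather than the number of bytes actually stored, so an argument longer than the remaining space moves `str` past the end of THIS->__retvalue and drives `len` negative; with `&& len` also dropped from the loop condition in the first hunk and the `if (!len) --str;` guard removed in the third, the later `*str++` and `*str = 0` stores are no longer bounded by MAXSTRINGLEN. This is presumably intentional as a pure revert ahead of a rewrite, but as a standalone change it reopens the overflow that PR11234 names; if the revert must stand on its own, keep `rc = min(len, (int) strlcpy (str, buf, len));` and `while (argv != NULL && len) {`. The same three spots recur in the __get_compat_argv hunks on the next line.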
@@ -473,9 +471,9 @@ function __get_compat_argv:string(a:long, first:long)
 	if (THIS->first && argv)
 		argv++;
-	while (argv != NULL && len) {
+	while (argv != NULL) {
 		if (__stp_get_user (vstr, argv))
-			break;
+			break;
 		if (vstr == NULL)
 			break;
@@ -504,8 +502,8 @@ function __get_compat_argv:string(a:long, first:long)
 			*str++='\"';
 			len--;
 		}
-
-		rc = min(len, (int) strlcpy (str, buf, len));
+
+		rc = strlcpy (str, buf, len);
 		str += rc;
 		len -= rc;
@@ -516,8 +514,6 @@ function __get_compat_argv:string(a:long, first:long)
 		argv++;
 	}
-	if (!len)
-		--str;
 	*str = 0;
 #endif
 %}
-- cgit
From a2d399c87a642190f08ede63dc6fc434a5a8363a Mon Sep 17 00:00:00 2001
From: Josh Stone
Date: Thu, 4 Feb 2010 17:47:31 -0800
Subject: PR11234: Rewrite __get_argv without embedded-C

We now implement __get_argv's string building in pure stap script. Also, every argument is now quoted, which is different than before, but it's much more robust about handling special characters.
---
 tapset/aux_syscalls.stp | 159 ++++++++++++++----------------------------------
 1 file changed, 44 insertions(+), 115 deletions(-)

(limited to 'tapset')

diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp
index bab0f640..e762b37a 100644
--- a/tapset/aux_syscalls.stp
+++ b/tapset/aux_syscalls.stp
@@ -399,124 +399,53 @@ function __sem_flags:string(semflg:long)
 /* This function copies an argv from userspace. */
-function __get_argv:string(a:long, first:long)
-%{ /* pure */
-	char __user *__user *argv = (char __user *__user *)(long)THIS->a;
-	char __user *vstr;
-	int space, rc, len = MAXSTRINGLEN;
-	char *str = THIS->__retvalue;
-	char buf[80];
-	char *ptr = buf;
-
-
-	if (THIS->first && argv)
-		argv++;
-
-	while (argv != NULL) {
-		if (__stp_get_user (vstr, argv))
-			break;
-
-		if (vstr == NULL)
-			break;
-
-		rc = _stp_strncpy_from_user(buf, vstr, 79);
-		if (rc <= 0)
-			break;
-
-		/* check for whitespace in string */
-		buf[rc] = 0;
-		ptr = buf;
-		space = 0;
-		while (*ptr && rc--) {
-			if (isspace(*ptr++)) {
-				space = 1;
-				break;
-			}
-		}
-
-		if (len != MAXSTRINGLEN && len) {
-			*str++=' ';
-			len--;
-		}
-
-		if (space && len) {
-			*str++='\"';
-			len--;
-		}
-
-		rc = strlcpy (str, buf, len);
-		str += rc;
-		len -= rc;
-
-		if (space && len) {
-			*str++='\"';
-			len--;
-		}
-
-		argv++;
+function __get_argv:string(argv:long, first:long)
+{
+%( CONFIG_64BIT == "y" %?
+	if (first && argv)
+		argv += 8
+	while (argv) {
+		vstr = user_long(argv)
+		if (!vstr)
+			break
+		if (len)
+			str .= " "
+		str .= user_string_quoted(vstr)
+
+		newlen = strlen(str)
+		if (newlen == len)
+			break
+		len = newlen
+		argv += 8
 	}
-	*str = 0;
-%}
-/* This function copies an argv from userspace. */
-function __get_compat_argv:string(a:long, first:long)
-%{ /* pure */
-#ifdef CONFIG_COMPAT
-	compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a;
-	compat_uptr_t __user *vstr;
-	int space, rc, len = MAXSTRINGLEN;
-	char *str = THIS->__retvalue;
-	char buf[80];
-	char *ptr = buf;
-
-	if (THIS->first && argv)
-		argv++;
-
-	while (argv != NULL) {
-		if (__stp_get_user (vstr, argv))
-			break;
-
-		if (vstr == NULL)
-			break;
-
-		rc = _stp_strncpy_from_user(buf, (char *)vstr, 79);
-		if (rc <= 0)
-			break;
-
-		/* check for whitespace in string */
-		buf[rc] = 0;
-		ptr = buf;
-		space = 0;
-		while (*ptr && rc--) {
-			if (isspace(*ptr++)) {
-				space = 1;
-				break;
-			}
-		}
-
-		if (len != MAXSTRINGLEN && len) {
-			*str++=' ';
-			len--;
-		}
-
-		if (space && len) {
-			*str++='\"';
-			len--;
-		}
-
-		rc = strlcpy (str, buf, len);
-		str += rc;
-		len -= rc;
-
-		if (space && len) {
-			*str++='\"';
-			len--;
-		}
-		argv++;
+	return str
+%:
+	return __get_compat_argv(argv, first)
+%)
+}
 /* This function copies an argv from userspace. */
+function __get_compat_argv:string(argv:long, first:long)
+{
+	if (first && argv)
+		argv += 4
+	while (argv) {
+		vstr = user_int(argv) & 0xffffffff
+		if (!vstr)
+			break
+		if (len)
+			str .= " "
+		str .= user_string_quoted(vstr)
+
+		newlen = strlen(str)
+		if (newlen == len)
+			break
+		len = newlen
+		argv += 4
 	}
-	*str = 0;
-#endif
-%}
+
+	return str
+}
 /*
  * Return the symbolic string representation
-- cgit
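Review bot: The header comment `/* This function copies an argv from userspace. */` kept above both functions no longer states the contract the new script bodies implement: `first` skips argv[0] (the `argv += 8` / `argv += 4` step before the loop), each element is returned through `user_string_quoted()` so every argument is now quoted, and the only bound on the loop is `if (newlen == len) break`, which appears to rely on the runtime truncating `str .=` at MAXSTRINGLEN. I'd expand the comment to something like `/* Build a space-separated, quoted copy of a user argv; argv is the user address of the NULL-terminated pointer array, first != 0 skips argv[0]; the result is truncated at MAXSTRINGLEN and the loop stops when the string stops growing. */`, and put `# stop once the runtime truncates: nothing else bounds this loop` beside the `newlen == len` check in both functions. The compat variant would also benefit from a one-line note on `vstr = user_int(argv) & 0xffffffff` saying the mask keeps the 32-bit pointer from being sign-extended, and a note that `len`, `str`, `vstr` and `newlen` rely on stap's implicit zero/empty initialisation, since a reader coming from the old embedded-C will look for the missing declarations.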