authorMike Frysinger <vapier@gentoo.org>2015-09-20 18:25:33 -0400
committerMike Frysinger <vapier@gentoo.org>2015-09-20 18:25:33 -0400
commit0a9188fd0a812cb864819d37a6a7217a135b85f0 (patch)
tree24ebd8744cd6758e86a0e78c91448012c73da917 /libsandbox
parentlibsandbox: fix process_vm_readv addresses/lengths (diff)
downloadsandbox-0a9188fd0a812cb864819d37a6a7217a135b85f0.tar.gz
sandbox-0a9188fd0a812cb864819d37a6a7217a135b85f0.tar.bz2
sandbox-0a9188fd0a812cb864819d37a6a7217a135b85f0.zip
libsandbox: do not abort when the target uses bad pointers
If the target passes a bad pointer to the kernel, then trying to extract the data via ptrace will also throw an error. The tracing code should not abort though, as there's no valid address to check, and the kernel itself will return an error for us. Simply return and move on. URL: https://bugs.gentoo.org/560396 Reported-by: Jeroen Roovers <jer@gentoo.org> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox')
-rw-r--r--libsandbox/trace.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/libsandbox/trace.c b/libsandbox/trace.c
index 99ef8cd..f9194fe 100644
--- a/libsandbox/trace.c
+++ b/libsandbox/trace.c
@@ -59,6 +59,11 @@ static long _do_ptrace(enum __ptrace_request request, const char *srequest, void
}
sched_yield();
goto try_again;
+ } else if (errno == EIO || errno == EFAULT) {
+ /* This comes up when the child itself tries to use a bad pointer.
+ * That's not something the sandbox should abort on. #560396
+ */
+ return ret;
} else if (!errno)
if (request == PTRACE_PEEKDATA ||
request == PTRACE_PEEKTEXT ||
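Review bot: The new `errno == EIO || errno == EFAULT` branch returns for every ptrace request, not only the ones that read the tracee's memory. ptrace(2) also reports EIO for an invalid request or a bad tracer-side argument, so a mistake in the sandbox's own call would now be returned quietly instead of aborting. Consider limiting the branch to the memory reads, e.g. `} else if ((errno == EIO || errno == EFAULT) && (request == PTRACE_PEEKDATA || request == PTRACE_PEEKTEXT)) {`. The comment should also say that callers must clear errno before the call and test it afterwards, since -1 is a valid peeked word. `_do_ptrace` starts and ends outside this hunk, so whether its other callers check errno cannot be seen here.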
@@ -140,7 +145,16 @@ static char *do_peekstr(unsigned long lptr)
while (1) {
a = lptr & (sizeof(long) - 1);
lptr -= a;
+ errno = 0;
s.val = do_peekdata(lptr);
+ if (unlikely(errno)) {
+ if (errno == EIO || errno == EFAULT) {
+ ret[0] = '\0';
+ return ret;
+ }
+ sb_ebort("ISE:do_peekstr:do_peekdata(%#lx) failed: %s\n",
+ lptr, strerror(errno));
+ }
for (i = a; i < sizeof(long); ++i) {
ret[l++] = s.x[i];
if (!s.x[i])
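Review bot: Returning `""` on EIO/EFAULT makes a faulted pointer indistinguishable from a tracee that really passed an empty string, so whatever access check consumes the result never learns that the read failed. The sandbox's decision then rests on the kernel also failing the syscall; in a multi-threaded tracee the mapping could differ between this peek and the kernel's own read, so callers would be safer treating this case as a distinct outcome rather than as an ordinary path. At minimum, document the assumption on the early return, e.g. `/* Bad pointer in the tracee: hand back "" and rely on the kernel failing the syscall with EFAULT. */`. The `sb_ebort` branch looks unreachable if `_do_ptrace` already aborts on other errno values, which is not visible here; do_peekstr's body begins and ends outside the hunk.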