author | Mike Frysinger <vapier@gentoo.org> | 2015-09-20 18:25:33 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-09-20 18:25:33 -0400 |
commit | 0a9188fd0a812cb864819d37a6a7217a135b85f0 (patch) | |
tree | 24ebd8744cd6758e86a0e78c91448012c73da917 /libsandbox | |
parent | libsandbox: fix process_vm_readv addresses/lengths (diff) | |
libsandbox: do not abort when the target uses bad pointers
If the target passes a bad pointer to the kernel, then trying to extract
the data via ptrace will also throw an error. The tracing code should not
abort though as there's no valid address to check, and the kernel itself will
return an error for us. Simply return and move on.
URL: https://bugs.gentoo.org/560396
Reported-by: Jeroen Roovers <jer@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox')
-rw-r--r-- | libsandbox/trace.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/libsandbox/trace.c b/libsandbox/trace.c
index 99ef8cd..f9194fe 100644
--- a/libsandbox/trace.c
+++ b/libsandbox/trace.c
@@ -59,6 +59,11 @@ static long _do_ptrace(enum __ptrace_request request, const char *srequest, void
 }
 sched_yield();
 goto try_again;
+ } else if (errno == EIO || errno == EFAULT) {
+ /* This comes up when the child itself tries to use a bad pointer.
+ * That's not something the sandbox should abort on. #560396
+ */
+ return ret;
 } else if (!errno)
 if (request == PTRACE_PEEKDATA ||
 request == PTRACE_PEEKTEXT ||
@@ -140,7 +145,16 @@ static char *do_peekstr(unsigned long lptr)
 while (1) {
 a = lptr & (sizeof(long) - 1);
 lptr -= a;
+ errno = 0;
 s.val = do_peekdata(lptr);
+ if (unlikely(errno)) {
+ if (errno == EIO || errno == EFAULT) {
+ ret[0] = '\0';
+ return ret;
+ }
+ sb_ebort("ISE:do_peekstr:do_peekdata(%#lx) failed: %s\n",
+ lptr, strerror(errno));
+ }
 for (i = a; i < sizeof(long); ++i) {
 ret[l++] = s.x[i];
 if (!s.x[i])
|
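Review bot: The new `else if (errno == EIO || errno == EFAULT)` branch in _do_ptrace is taken for every request type, not only the memory peeks its comment describes. ptrace(2) also reports EIO for an invalid request or an invalid signal on a restart request, so a tracer-side mistake would now be returned quietly instead of reaching whatever error handling follows. Consider limiting the branch to the peek requests, e.g. `} else if ((errno == EIO || errno == EFAULT) && (request == PTRACE_PEEKDATA || request == PTRACE_PEEKTEXT)) {`, or extending the comment to say that callers must inspect errno after the call. The body of _do_ptrace starts and ends outside the hunk, so whether other requests rely on this path cannot be seen here.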
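Review bot: The early return in the `errno == EIO || errno == EFAULT` branch of do_peekstr hands callers an empty string that cannot be told apart from a tracee that really passed "", and the hunk does not show what the callers do with it. In a sandbox this is a fail-open path, so it deserves a comment stating the contract, for example `/* Bad tracee pointer: return "" and let the kernel reject the syscall; callers must not treat "" as a checked path. #560396 */`. The reasoning also assumes the address is still invalid when the kernel reads it, which presumably holds only while nothing else can change the tracee's mappings in between; that limit is worth recording in the same comment. do_peekstr starts and ends outside the hunk.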