
Don't leak compartment name pointers after dlclose() #2389


Merged
merged 2 commits into from
Apr 21, 2025
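--- a/libexec/rtld-elf/map_object.c
+++ b/libexec/rtld-elf/map_object.c
@@ -550,12 +550,8 @@ obj_free(Obj_Entry *obj)
 free(obj->path);
 #ifdef __CHERI_PURE_CAPABILITY__
 #ifdef CHERI_LIB_C18N
-if (obj->comparts) {
-for (unsigned long i = 0; i < obj->ncomparts; i++) {
-free(obj->comparts[i].compart_name);
-}
+if (obj->comparts)
 free(obj->comparts);
-}
 #endif
 if (obj->pcc_caps)
 free(obj->pcc_caps);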
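--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -6324,6 +6324,7 @@ c18n_setup_compartments(Obj_Entry *obj, const char *name, int flags)
 {
 Compart_Entry *compart;
 const Elf_Phdr *ph;
+char *compart_name;
 size_t len;
 
 assert(obj->default_compart_id == 0);
@@ -6354,11 +6355,12 @@ c18n_setup_compartments(Obj_Entry *obj, const char *name, int flags)
 compart->end = compart->start + ph->p_memsz;
 
 len = strlen(name) + 1 + strlen(compart->name) + 1;
-compart->compart_name = malloc(len);
-rtld_snprintf(compart->compart_name, len, "%s:%s",
-name, compart->name);
+compart_name = malloc(len);
+rtld_snprintf(compart_name, len, "%s:%s", name,
+compart->name);
 compart->compart_id =
-compart_id_allocate(compart->compart_name, flags);
+compart_id_allocate(compart_name, flags);
+free(compart_name);
 compart++;
 break;
 }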
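Review bot: The result of `malloc(len)` in the second hunk is passed straight to `rtld_snprintf` and `compart_id_allocate` without a NULL check, so an allocation failure while an object is being loaded turns into a write through a null pointer inside the runtime linker instead of a diagnosed error. The removed code had the same gap, but now that the buffer is a short-lived temporary it is cheap to close: `compart_name = xmalloc(len);` if rtld's aborting allocator is usable at this point, or an explicit `if (compart_name == NULL)` failure path otherwise. A one-line comment such as `/* compart_id_allocate() copies the name; the temporary is ours to free */` above the `free(compart_name);` would also record the ownership rule this commit introduces. The body of c18n_setup_compartments starts and ends outside the visible hunks.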
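--- a/libexec/rtld-elf/rtld.h
+++ b/libexec/rtld-elf/rtld.h
@@ -205,7 +205,6 @@ typedef struct Struct_Compart_Entry {
 const char *name;
 Elf_Addr start;
 Elf_Addr end;
-char *compart_name;
 uint16_t compart_id;
 } Compart_Entry;
 #endif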
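--- a/libexec/rtld-elf/rtld_c18n.c
+++ b/libexec/rtld-elf/rtld_c18n.c
@@ -190,6 +190,15 @@
 INC_NUM_BYTES(-old);
 }
 
+static char *
+c18n_strdup(const char *s)
+{
+char *buf = strdup(s);
+
+INC_NUM_BYTES(cheri_getlen(buf));
+return (buf);
+}
+
 /*
 * Policies
 */
@@ -320,10 +329,13 @@
 {
 compart_id_t i;
 struct compart *com;
+char *c_name;
 
 rtld_require(comparts.size <= COMPART_ID_MAX,
 "c18n: Compartment ID overflow for %s", name);
 
+c_name = c18n_strdup(name);
+
 if (comparts.size == comparts.capacity)
 expand_comparts_data(comparts.capacity * 2);
 
@@ -335,10 +347,10 @@
 com = &comparts.data[i];
 *com = (struct compart) {
 .info = (struct rtld_c18n_compart) {
-.rcc_name = name,
+.rcc_name = c_name,
 .rcc_id = i
 },
-.name = name
+.name = c_name
 };
 c18n_info->comparts_size = r_debug.r_comparts_size = comparts.size;
 
@@ -485,10 +497,10 @@
 
 if (eat(&cur, "compartment ")) {
 if (eat_token(&cur, '\n', buf, sizeof(buf)))
-com = add_comparts_data(strdup(buf));
+com = add_comparts_data(buf);
 else
 policy_error(&cur);
 
 while (eat(&cur, "\t"))
 if (eat_token(&cur, '\n', buf, sizeof(buf)))
 string_base_push(&com->libs, buf);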
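Review bot: `c18n_strdup` in the first hunk returns the `strdup(s)` result unchecked, so on allocation failure the third hunk stores a NULL pointer as `.rcc_name` and `.name` in the compartment table, and the fault only surfaces later when some consumer reads the name. Since add_comparts_data already uses `rtld_require` for its ID-overflow check, the helper could fail at the point of cause with `rtld_require(buf != NULL, "c18n: Cannot allocate compartment name");` placed before the `INC_NUM_BYTES` line. A short comment above `c18n_strdup` would also help, stating that the copy is owned by the compartment table and is deliberately not released when the originating object is unloaded, since that lifetime rule is the whole point of the change and is not visible from the code. The bodies of add_comparts_data and the policy parser extend outside the visible hunks.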