From: Alexandra Hájková Date: Thu, 20 Jun 2024 11:45:56 +0000 (-0400) Subject: Don't allow programs calling fnctl on valgrind's own file descriptors X-Git-Tag: VALGRIND_3_24_0~106 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b83e3d47daaf5eff2ca96867a8c790e13830eb5;p=thirdparty%2Fvalgrind.git Don't allow programs calling fnctl on valgrind's own file descriptors Add a call to ML_(fd_allowed) in the PRE handler of fcntl and fcntl64 and block syscalls with EBADF when the file descriptor isn't allowed to be used by the program. https://bugs.kde.org/show_bug.cgi?id=337388 --- diff --git a/NEWS b/NEWS index 49d055bee..9c828068f 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,7 @@ are not entered into bugzilla tend to get forgotten about or ignored. valgrind: vex x86->IR: unhandled instruction bytes: 0x66 0xF 0x3A 0x2 311655 --log-file=FILE leads to apparent fd leak +337388 fcntl works on Valgrind's own file descriptors 377966 arm64 unhandled instruction dc zva392146 aarch64: unhandled instruction 0xD5380001 (MRS rT, midr_el1) 392146 aarch64: unhandled instruction 0xD5380001 (MRS rT, midr_el1) diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index 45413fdd9..9f3c51c17 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -6978,6 +6978,10 @@ PRE(sys_fcntl) if (ARG2 == VKI_F_SETLKW) # endif *flags |= SfMayBlock; + + if (!ML_(fd_allowed)(ARG1, "fcntl", tid, False)) { + SET_STATUS_Failure (VKI_EBADF); + } } POST(sys_fcntl) @@ -7088,6 +7092,10 @@ PRE(sys_fcntl64) if (ARG2 == VKI_F_SETLKW) # endif *flags |= SfMayBlock; + + if (!ML_(fd_allowed)(ARG1, "fcntl64", tid, False)) { + SET_STATUS_Failure (VKI_EBADF); + } } POST(sys_fcntl64)
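Review bot: in the PRE(sys_fcntl) hunk the new ML_(fd_allowed) check is appended at the very end of the handler, after the command-specific handling and after `*flags |= SfMayBlock;` has already been applied; move it to the top of PRE(sys_fcntl) so a disallowed descriptor is refused with EBADF before any per-command work or blocking flag is set, e.g. make `if (!ML_(fd_allowed)(ARG1, "fcntl", tid, False)) SET_STATUS_Failure(VKI_EBADF);` the first statement (with an early return if the handler's structure allows it) rather than the last. Separately, the patch touches only NEWS and syswrap-linux.c: a regression test that calls fcntl(F_GETFD) on one of Valgrind's reserved descriptors and expects EBADF would pin the new behaviour, since the NEWS line for 337388 is otherwise the only record of it. The subject line also spells the syscall "fnctl".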
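Review bot: the block added to PRE(sys_fcntl64) is identical to the one added to PRE(sys_fcntl) except for the "fcntl64" name string, and both handlers already end in the same F_SETLKW / SfMayBlock tail; rather than extending that duplication, put the check in a small static helper taking the syscall name (or share the tail between the two handlers) so the two wrappers cannot drift apart. Keep passing the distinct "fcntl64" string so any diagnostic names the syscall the client actually made. Minor: `SET_STATUS_Failure (VKI_EBADF);` carries a space before the parenthesis in both hunks.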
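As an added example (written for this page; it is not Valgrind's code and not part of this commit), the following C probe shows bug 337388 from the client's side. It reads the RLIMIT_NOFILE the process sees, then asks fcntl(F_GETFD) about every descriptor in a window above the reported hard limit. Natively nothing should answer, because the kernel never allocates a descriptor at or above the limit; the example assumes Linux and assumes that Valgrind parks its own descriptors at or above the hard limit it reports to the client, so any descriptor that answers while running under Valgrind is one the tool owns. Before this commit such a descriptor answers F_GETFD; after it the fcntl wrapper should refuse it with EBADF. The helper names, the 4096-descriptor window and the exit codes are choices made here.

```c
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Return 0 if fcntl(fd, F_GETFD) succeeds, otherwise the errno it set.
 * F_GETFD only reads the close-on-exec flag, so it is the least
 * intrusive way to ask "is this descriptor usable by me?". */
int fcntl_getfd_errno(int fd)
{
    errno = 0;
    if (fcntl(fd, F_GETFD) == -1)
        return errno ? errno : -1;
    return 0;
}

/* Probe every descriptor in [lo, hi) and record the ones fcntl accepts.
 * Returns how many answered; at most max of them are stored in found[]. */
int scan_reachable_fds(int lo, int hi, int *found, int max)
{
    int n = 0;
    for (int fd = lo; fd < hi; fd++) {
        if (fcntl_getfd_errno(fd) != 0)
            continue;
        if (n < max)
            found[n] = fd;
        n++;
    }
    return n;
}

/* Probe `window` descriptors starting at the hard RLIMIT_NOFILE this
 * process is told about. Natively that range is empty. Under Valgrind the
 * client sees a reduced limit and (assumption of this example) Valgrind's
 * own descriptors sit right above it, so anything reachable here is a tool
 * descriptor that a client fcntl should be refused with EBADF.
 * Returns the count, or -1 if getrlimit fails. */
int scan_above_reported_limit(int window, int *found, int max)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    if (rl.rlim_max == RLIM_INFINITY ||
        rl.rlim_max > (rlim_t)(INT_MAX - window))
        return 0;                       /* no finite range to probe */
    int lo = (int)rl.rlim_max;
    return scan_reachable_fds(lo, lo + window, found, max);
}

int main(void)
{
    int found[16];
    int n = scan_above_reported_limit(4096, found, 16);
    if (n < 0) {
        perror("getrlimit");
        return 1;
    }
    printf("%d descriptor(s) reachable above the reported RLIMIT_NOFILE\n", n);
    for (int i = 0; i < n && i < 16; i++)
        printf("  fd %d answers F_GETFD\n", found[i]);
    /* Exit status 2 when the client can reach descriptors it should not own. */
    return n == 0 ? 0 : 2;
}
```

Run it natively first (expect a count of 0 and exit status 0), then under `valgrind ./probe` with a Valgrind built before and after this commit: a non-zero count under Valgrind means the client can still see the tool's descriptors through fcntl, which is exactly what the new ML_(fd_allowed) check in the fcntl and fcntl64 wrappers is meant to stop.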