From: Martin Cermak
Date: Mon, 11 Aug 2025 09:17:58 +0000 (+0200)
Subject: faccessat and faccessat2 should do better checks
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f15d7a7997e6fce003edfce7eaf1a730cd67a4a5;p=thirdparty%2Fvalgrind.git

faccessat and faccessat2 should do better checks

Do more fine-grained checks within sys_faccessat and sys_faccessat2 syscall wrappers. Allow passing special value of VKI_AT_FDCWD as a file descriptor. Check for valid flags.

https://bugs.kde.org/show_bug.cgi?id=507853
---
diff --git a/NEWS b/NEWS
index 9b4696002..8d3c33ab2 100644
--- a/NEWS
+++ b/NEWS
@@ -68,6 +68,7 @@ are not entered into bugzilla tend to get forgotten about or ignored.
 506967 Implement and override mallinfo2
 506970 mmap needs an EBADF fd_allowed check
 507173 s390x: Crash when constant folding is disabled
+507853 faccessat and faccessat2 should handle AT_FDCWD and absolute paths
 507868 futimesat doesn't handle AT_FDCWD
 507873 Make fchmodat and fchmodat2 syscall wrappers accept AT_FDCWD
 507897 Allow for patching LTP sources
diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 1033d2409..ead6d9d59 100644
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -6475,26 +6475,34 @@ PRE(sys_fchmodat2)
 PRE(sys_faccessat)
 {
 FUSE_COMPATIBLE_MAY_BLOCK();
- PRINT("sys_faccessat ( %ld, %#" FMT_REGWORD "x(%s), %ld )",
- SARG1, ARG2, (HChar*)(Addr)ARG2, SARG3);
+ Int arg_1 = (Int) ARG1;
+ const HChar *path = (const HChar*) ARG2;
+ Int arg_3 = (Int) ARG3;
+ PRINT("sys_faccessat ( %d, %#" FMT_REGWORD "x(%s), %d )",
+ arg_1, ARG2, path, arg_3);
 PRE_REG_READ3(long, "faccessat",
 int, dfd, const char *, pathname, int, mode);
 PRE_MEM_RASCIIZ( "faccessat(pathname)", ARG2 );
- if ( !ML_(fd_allowed)(SARG1, "faccessat", tid, False) )
- SET_STATUS_Failure( VKI_EBADF );
-
+ if ((ML_(safe_to_deref) (path, 1)) && (path[0] != '/'))
+ if ( arg_1 != VKI_AT_FDCWD && !ML_(fd_allowed)(arg_1, "faccessat", tid, False) )
+ SET_STATUS_Failure( VKI_EBADF );
 }

 PRE(sys_faccessat2)
 {
 FUSE_COMPATIBLE_MAY_BLOCK();
- PRINT("sys_faccessat2 ( %ld, %#" FMT_REGWORD "x(%s), %ld, %ld )",
- SARG1, ARG2, (HChar*)(Addr)ARG2, SARG3, SARG4);
+ Int arg_1 = (Int) ARG1;
+ const HChar *path = (const HChar*) ARG2;
+ Int arg_3 = (Int) ARG3;
+ Int arg_4 = (Int) ARG4;
+ PRINT("sys_faccessat2 ( %d, %#" FMT_REGWORD "x(%s), %d, %d )",
+ arg_1, ARG2, path, arg_3, arg_4);
 PRE_REG_READ4(long, "faccessat2",
 int, dfd, const char *, pathname, int, mode, int, flags);
 PRE_MEM_RASCIIZ( "faccessat2(pathname)", ARG2 );
- if ( !ML_(fd_allowed)(SARG1, "faccessat2", tid, False) )
- SET_STATUS_Failure( VKI_EBADF );
+ if ((ML_(safe_to_deref) (path, 1)) && (path[0] != '/'))
+ if ( arg_1 != VKI_AT_FDCWD && !ML_(fd_allowed)(arg_1, "faccessat2", tid, False) )
+ SET_STATUS_Failure( VKI_EBADF );
 }

 PRE(sys_name_to_handle_at)
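Review bot: The commit message promises a check for valid flags, but in the sys_faccessat2 wrapper `arg_4` is only cast and printed; nothing on the new side rejects unknown flag bits, so either add that check or drop the sentence from the description. In both wrappers the fd_allowed guard now hangs off two nested, unbraced `if`s; folding them into one braced condition, e.g. `if (ML_(safe_to_deref)(path, 1) && path[0] != '/' && arg_1 != VKI_AT_FDCWD && !ML_(fd_allowed)(arg_1, "faccessat", tid, False)) { ... }`, keeps a later `else` from binding to the wrong branch. The new `(const HChar*) ARG2` also drops the `(Addr)` step the removed PRINT line used, which presumably matters on targets where the register word is wider than a pointer; `(const HChar*)(Addr)ARG2` would keep the old conversion. A short comment such as `/* dfd is ignored for absolute paths, so only vet it for relative ones */` above the guard would record why the reserved-descriptor check is now conditional.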