tools: acrn-crashlog: fix potential issues under common and usercrash

This patch is to fix buffer overflow, return value not unified and variable type not matched issues. And add some judge logic to improve code quality. Changes: 1. Handle the fd properly in the failing case. 2. Fix buffer overflow issues and null pointer access issues. 3. Fix the format issue in log_sys.c. 4. Remove the useless branch and adjust the function logic. 5. Add some checks for the string length before using strcpy/strcat/memcpy. 6. Fix strncpy null-terminated issues. 7. Change the return value to unify the return type. Signed-off-by: CHEN Gang <gang.c.chen@intel.com> Signed-off-by: xiaojin2 <xiaojing.liu@intel.com> Reviewed-by: Zhi Jin <zhi.jin@intel.com> Reviewed-by: Liu Xinwu <xinwu.liu@intel.com> Acked-by: Zhang Di <di.zhang@intel.com>
2025-09-05 19:00:16 +00:00 · 2018-06-08 12:47:59 +08:00
parent 48067b1cab
commit cb39badf82
10 changed files with 111 additions and 80 deletions
--- a/tools/acrn-crashlog/usercrash/protocol.c
+++ b/tools/acrn-crashlog/usercrash/protocol.c
@@ -27,23 +27,28 @@
 #include "protocol.h"
 #include "log_sys.h"

+#define SUN_PATH_MAX \
+	(sizeof(struct sockaddr_un) - offsetof(struct sockaddr_un, sun_path))
+
 /* Documented in header file. */
 static int socket_make_sockaddr_un(const char *name,
 		struct sockaddr_un *p_addr, socklen_t *alen)
 {
-	size_t namelen;
+	size_t name_len;
+	size_t socket_len;

-	memset(p_addr, 0, sizeof(struct sockaddr_un));
-	namelen = strlen(name) + strlen(RESERVED_SOCKET_PREFIX);
-	/* unix_path_max appears to be missing on linux */
-	if (namelen > sizeof(*p_addr)-
-			offsetof(struct sockaddr_un, sun_path) - 1) {
+	socket_len = strlen(RESERVED_SOCKET_PREFIX);
+	if (socket_len >= SUN_PATH_MAX)
 		return -1;
-	}
 	strcpy(p_addr->sun_path, RESERVED_SOCKET_PREFIX);
+	name_len = strlen(name);
+	if (name_len >= (SUN_PATH_MAX - socket_len))
+		return -1;
 	strcat(p_addr->sun_path, name);
+
 	p_addr->sun_family = AF_LOCAL;
-	*alen = namelen + offsetof(struct sockaddr_un, sun_path) + 1;
+	*alen = name_len + socket_len +
+		offsetof(struct sockaddr_un, sun_path) + 1;
 	return 0;
 }

@@ -100,8 +105,12 @@ static int socket_bind(int fd, const char *name)
 {
 	struct sockaddr_un addr;
 	socklen_t alen;
+	size_t name_len;

 	addr.sun_family = AF_UNIX;
+	name_len = strlen(name);
+	if (name_len >= SUN_PATH_MAX)
+		return -1;
 	strcpy(addr.sun_path, name);
 	unlink(addr.sun_path);
 	alen = strlen(addr.sun_path) + sizeof(addr.sun_family);