Fix: utils: avoid strncpy overlap in utils_partial_realpath
authorSimon Marchi <simon.marchi@efficios.com>
Mon, 12 Apr 2021 17:23:39 +0000 (13:23 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Tue, 13 Apr 2021 20:21:09 +0000 (16:21 -0400)
commitabcdc00cea4a7b354509b3547a8ddd581a9d5dfa
tree5875e2b5bda5207b2f45e081900c91e5b0497854
parent440bede9ee59598b9ea8a3a3ff3191b8c84bd4f7
Fix: utils: avoid strncpy overlap in utils_partial_realpath

When running the test_utils_expand_path test with ASan enabled, I get:

➜  lttng-tools ./tests/unit/test_utils_expand_path
1..29
INPUT: /a/b/c/d/e
=================================================================
==1485873==ERROR: AddressSanitizer: strncpy-param-overlap: memory ranges [0x621000021d00,0x621000021d0b) and [0x621000021d00, 0x621000021d0b) overlap
    #0 0x7ffff761fd97 in __interceptor_strncpy /build/gcc/src/gcc/libsanitizer/asan/asan_interceptors.cpp:481
    #1 0x555555573834 in utils_partial_realpath /home/simark/src/lttng-tools/src/common/utils.c:195
    #2 0x55555557410b in _utils_expand_path /home/simark/src/lttng-tools/src/common/utils.c:374
    #3 0x555555574340 in utils_expand_path /home/simark/src/lttng-tools/src/common/utils.c:420
    #4 0x555555570b28 in test_utils_expand_path /home/simark/src/lttng-tools/tests/unit/test_utils_expand_path.c:274
    #5 0x55555557119e in main /home/simark/src/lttng-tools/tests/unit/test_utils_expand_path.c:345
    #6 0x7ffff725fb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    #7 0x55555556fa3d in _start (/home/simark/build/lttng-tools/tests/unit/test_utils_expand_path+0x1ba3d)

0x621000021d00 is located 0 bytes inside of 4096-byte region [0x621000021d00,0x621000022d00)
allocated by thread T0 here:
    #0 0x7ffff7677639 in __interceptor_calloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x55555557269d in zmalloc /home/simark/src/lttng-tools/src/common/macros.h:45
    #2 0x555555573d34 in _utils_expand_path /home/simark/src/lttng-tools/src/common/utils.c:335
    #3 0x555555574340 in utils_expand_path /home/simark/src/lttng-tools/src/common/utils.c:420
    #4 0x555555570b28 in test_utils_expand_path /home/simark/src/lttng-tools/tests/unit/test_utils_expand_path.c:274
    #5 0x55555557119e in main /home/simark/src/lttng-tools/tests/unit/test_utils_expand_path.c:345
    #6 0x7ffff725fb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)

0x621000021d00 is located 0 bytes inside of 4096-byte region [0x621000021d00,0x621000022d00)
allocated by thread T0 here:
    #0 0x7ffff7677639 in __interceptor_calloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:154
    #1 0x55555557269d in zmalloc /home/simark/src/lttng-tools/src/common/macros.h:45
    #2 0x555555573d34 in _utils_expand_path /home/simark/src/lttng-tools/src/common/utils.c:335
    #3 0x555555574340 in utils_expand_path /home/simark/src/lttng-tools/src/common/utils.c:420
    #4 0x555555570b28 in test_utils_expand_path /home/simark/src/lttng-tools/tests/unit/test_utils_expand_path.c:274
    #5 0x55555557119e in main /home/simark/src/lttng-tools/tests/unit/test_utils_expand_path.c:345
    #6 0x7ffff725fb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)

The sole caller of utils_partial_realpath, _utils_expand_path, passes
the same buffer (resolved_path) for the input and output.  This causes
utils_partial_realpath to call strncpy with overlapping strings.

Fix it by making utils_partial_realpath allocate new memory for the
returned string itself.  This causes one more allocation than the
current code, because we don't re-use the existing buffer, but this
should be fine since this isn't exactly performance-critical code.
I think the code is easier to follow as a result.

Change-Id: I98a9aafc08d3bef45e3a83cbeef049f249b86f59
Signed-off-by: Simon Marchi <simon.marchi@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/common/utils.c
This page took 0.033314 seconds and 4 git commands to generate.