Fix: bytecode validator: reject specialized load instructions
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 29 Sep 2022 20:50:09 +0000 (16:50 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Thu, 29 Sep 2022 20:50:09 +0000 (16:50 -0400)
Reject specialized load instructions so a bytecode crafted with
nefarious intent cannot read a memory area larger than the memory
targeted by the instrumentation.

This prevents bytecode received from the session daemon from performing
out of bound memory accesses and from disclosing the content of
application memory beyond what has been targeted by the instrumentation.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: Id81d73e890b29fe2ac6073681ef1faffc52ebfa7

liblttng-ust/lttng-filter-validator.c

index acac7ce7fad52228d1488bddf8a5c4d378fd4189..4e99dc50f983c6b07bbc500291203e5a09ce46d2 100644 (file)
@@ -1066,60 +1066,28 @@ int validate_instruction_context(struct bytecode_runtime *bytecode,
                dbg_printf("Validate load field\n");
                break;
        }
+
+       /*
+        * Disallow already specialized bytecode op load field instructions to
+        * ensure that the received bytecode does not read a memory area larger
+        * than the memory targeted by the instrumentation.
+        */
        case FILTER_OP_LOAD_FIELD_S8:
-       {
-               dbg_printf("Validate load field s8\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_S16:
-       {
-               dbg_printf("Validate load field s16\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_S32:
-       {
-               dbg_printf("Validate load field s32\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_S64:
-       {
-               dbg_printf("Validate load field s64\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_U8:
-       {
-               dbg_printf("Validate load field u8\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_U16:
-       {
-               dbg_printf("Validate load field u16\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_U32:
-       {
-               dbg_printf("Validate load field u32\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_U64:
-       {
-               dbg_printf("Validate load field u64\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_STRING:
-       {
-               dbg_printf("Validate load field string\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_SEQUENCE:
-       {
-               dbg_printf("Validate load field sequence\n");
-               break;
-       }
        case FILTER_OP_LOAD_FIELD_DOUBLE:
        {
-               dbg_printf("Validate load field double\n");
-               break;
+               dbg_printf("Validate load field, reject specialized load instruction (%d)\n",
+                               (int) opcode);
+               ret = -EINVAL;
+               goto end;
        }
 
        case FILTER_OP_GET_SYMBOL:
This page took 0.026141 seconds and 4 git commands to generate.