d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ASLR: check for max_addr after applying randomization, not before.

Browse Source 
Otherwise resulting address from vm_map_find() migh not satisfy the
upper limit.  For instance, it could affect MAP_32BIT flag from 64bit
processes.

Found by:	Doug Moore <dougm@rice.edu>
Reviewed by:	alc, Doug Moore <dougm@rice.edu>
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D19688
This commit is contained in:
kib 2019-03-23 16:36:18 +00:00
parent 273edcd24b
commit b37c7d4a72
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/vm/vm_map.c
View File

@ -1673,11 +1673,12 @@ again:
(max_addr == 0 || max_addr > MAP_32BIT_MAX_ADDR) ?
aslr_pages_rnd_64[pidx] : aslr_pages_rnd_32[pidx];
if (vm_map_findspace(map, curr_min_addr, length +
gap * pagesizes[pidx], addr) ||
(max_addr != 0 && *addr + length > max_addr))
gap * pagesizes[pidx], addr))
goto again;
/* And randomize the start address. */
*addr += (arc4random() % gap) * pagesizes[pidx];
if (max_addr != 0 && *addr + length > max_addr)
goto again;
} else if (vm_map_findspace(map, curr_min_addr, length, addr) ||
(max_addr != 0 && *addr + length > max_addr)) {
if (cluster) {