freebsd-skq/lib
Stefan Eßer 6c2596f00c Change getlocalbase() to not allocate any heap memory
After the commit of the current version, Scott Long pointed out that an
attacker might be able to cause a use-after-free access if this function
returned the value of the sysctl variable "user.localbase" by freeing
the allocated memory without the cached address being cleared in the
library function.

To resolve this issue, I have proposed the originally suggested version
with a statically allocated buffer in a review (D27370). There was no
feedback on this review and after waiting for more than 2 weeks, the
potential security issue is fixed by this commit. (There was no security
risk in practice, since none of the programs converted to use this
function attempted to free the buffer. The address could only have
pointed into the heap if user.localbase was set to a non-default value,
into r/o data or the environment, else.)

This version uses a static buffer of size LOCALBASE_CTL_LEN, which
defaults to MAXPATHLEN. This does not increase the memory footprint
of the library at this time, since its data segment grows from less
than 7 KB to less than 8 KB, i.e. it will get two 4 KB pages on typical
architectures, anyway.

Compiling with LOCALBASE_CTL_LEN defined as 0 will remove the code
that accesses the sysctl variable, values between 1 and MAXPATHLEN-1
will limit the maximum size of the prefix. When built with such a
value and if too large a value has been configured in user.localbase,
the value defined as ILLEGAL_PREFIX will be returned to cause any
file operations on that result to fail. (Default value is "/dev/null/",
the review contained "/\177", but I assume that "/dev/null" exists and
cannot be accessed as a directory. Any other string that can be assumed
not to be a valid path prefix could be used.)

I do suggest to use LOCALBASE_CTL_LEN to size the in-kernel buffer for
the user.localbase variable, too. Doing this would guarantee that the
result always fits into the buffer in this library function (unless run
on a kernel built with a different buffer size.)

The function always returns a valid string, and only in case it is built
with a small static buffer and run on a system with too large a value in
user.localbase, the ILLEGAL_PREFIX will be returned, effectively causing
the created path to be non-existent.

Differential Revision:	https://reviews.freebsd.org/D27370
2020-12-12 11:23:52 +00:00
atf Update Makefile.depend files 2019-12-11 17:37:53 +00:00
clang Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp 2020-10-12 21:35:29 +00:00
csu Add C startup code tests for PIE binaries. 2020-11-10 19:09:35 +00:00
flua flua: Add a libjail module 2020-10-24 17:08:59 +00:00
geom Drop "All rights reserved" from all my stuff. This includes 2020-10-28 13:46:11 +00:00
googletest Significantly reduce compile time for googletest internal tests 2020-10-28 11:54:04 +00:00
kyua Install expected kyua docs. 2020-03-26 17:34:17 +00:00
lib9p Add virtio-9p (aka VirtFS) filesystem sharing to bhyve. 2020-10-03 19:05:13 +00:00
lib80211 80211: non-functional changes 2020-10-07 21:56:58 +00:00
libalias libalias: retire cuseeme support 2020-05-16 02:29:10 +00:00
libarchive MFV r368207: 2020-12-01 15:53:12 +00:00
libauditd libauditd: make it a PRIVATELIB 2020-04-19 02:20:39 +00:00
libbe libbe(3): install MLINKS for all of the functions provided 2020-10-18 23:58:40 +00:00
libbearssl Revert that! 2020-07-19 23:56:19 +00:00
libbegemot Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libblacklist Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libblocksruntime Move all sources from the llvm project into contrib/llvm-project. 2019-12-20 19:53:05 +00:00
libbluetooth Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libbsdstat Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libbsm libbsm: fix some MLINKS 2020-04-19 02:18:40 +00:00
libbsnmp Add missing src.opts.mk include 2020-11-13 23:18:04 +00:00
libbz2 Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libc timespec_get(3): sort SEE ALSO correctly 2020-12-11 02:22:42 +00:00
libc_nonshared
libc++ Only set WARNS if not defined 2020-09-11 13:28:37 +00:00
libc++experimental Move all sources from the llvm project into contrib/llvm-project. 2019-12-20 19:53:05 +00:00
libcalendar Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libcam Do a sweep and remove most WARNS=6 settings 2020-10-01 01:10:51 +00:00
libcapsicum Add missing FreeBSD functions to -legacy when building on macOS/Linux 2020-08-25 13:23:31 +00:00
libcasper [libcasper] Update cap_dns API to not trigger unused variable warnings when disabled 2020-10-13 22:49:43 +00:00
libclang_rt Enable SUBDIR_PARELLEL in lib/libclang_rt 2020-10-12 10:42:33 +00:00
libcom_err Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libcompat
libcompiler_rt Follow-up r364753 by only using arm's stdatomic.c implementation, as it 2020-09-10 16:47:12 +00:00
libcrypt Do a sweep and remove most WARNS=6 settings 2020-10-01 01:10:51 +00:00
libcuse Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libcxxrt Only set WARNS if not defined 2020-09-11 13:28:37 +00:00
libdevctl Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libdevdctl libdevdctl: Force full match of "timestamp" field name 2020-06-23 16:29:59 +00:00
libdevinfo devinfo: add man page links 2020-08-04 21:09:36 +00:00
libdevstat Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libdl
libdpv Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libdwarf Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libedit Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libefivar libefivar: define MDE_CPU_RISCV64 2020-07-06 17:47:29 +00:00
libelf libelf: add compression header support 2020-10-23 16:35:23 +00:00
libelftc Update ELF Tool Chain to upstream r3769 2019-12-05 13:20:15 +00:00
libevent1 rename in-tree libevent v1 to libevent1 2020-05-28 22:05:50 +00:00
libexecinfo Move all sources from the llvm project into contrib/llvm-project. 2019-12-20 19:53:05 +00:00
libexpat Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libfetch Remove support for SSLv3 from fetch(3). 2020-11-24 22:10:33 +00:00
libfigpar Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libgcc_eh After r364423, which ensures the callbacks that dl_iterate_phdr(3) 2020-08-25 20:07:11 +00:00
libgcc_s Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
libgeom Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libgpio Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libgssapi libgssapi: modernize static string array use 2020-10-13 17:14:30 +00:00
libiconv_modules Do a sweep and remove most WARNS=6 settings 2020-10-01 01:10:51 +00:00
libifconfig Move list_cloners to libifconfig 2020-10-21 05:27:25 +00:00
libipsec Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec. 2020-06-04 22:58:37 +00:00
libipt Update Intel Processor Trace decoder library. 2019-10-10 12:46:34 +00:00
libjail libjail: Handle an error from reallocarray() when trimming the buffer. 2020-01-07 21:44:27 +00:00
libkiconv pkgbase: Put a lot of binaries and lib in FreeBSD-runtime 2019-09-05 14:13:08 +00:00
libkvm Always use 64-bit physical addresses for dump_avail[] in minidumps 2020-12-03 17:12:31 +00:00
libldns Update Makefile.depend files 2019-12-11 17:37:53 +00:00
liblua Fix -Wundef warnings when building liblua 2020-08-25 13:30:34 +00:00
liblutok Add liblutok a lightweight C++ API for lua. 2020-03-23 18:26:23 +00:00
liblzma liblzma: Make liblzma use libmd implementation of SHA256. 2020-06-20 21:32:07 +00:00
libmagic Fix installation of magic file. 2020-06-17 15:57:59 +00:00
libmd Fix a few mandoc issues 2020-10-09 19:12:44 +00:00
libmemstat malloc: move malloc_type_internal into malloc_type 2020-11-06 21:33:59 +00:00
libmilter Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libmp Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libmt Add the LTO-9 density code to libmt and the mt(1) man page. 2020-12-10 21:06:06 +00:00
libnetbsd
libnetgraph Fix SYNPOSIS section to point to the proper include directive. 2020-05-15 12:04:39 +00:00
libnetmap [libnetmap] Fix 32 bit compilation under gcc-6.4 2020-11-02 15:01:37 +00:00
libngatm Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libnv Fix libnv build post rename 2020-06-27 02:17:04 +00:00
libomp Update build glue for libomp. 2020-01-27 18:04:28 +00:00
libopenbsd Only set WARNS if not defined 2020-09-11 13:28:37 +00:00
libopencsd Update opencsd to 0.14.2 2020-06-17 10:42:20 +00:00
libopie Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libpam Don't explicitly specify c99 or gnu99 as the default is now gnu99. 2020-08-17 05:57:02 +00:00
libpathconv Fix a few mandoc issues 2020-10-09 19:12:44 +00:00
libpcap MFV r353141 (by phillip): 2019-12-21 21:01:03 +00:00
libpe
libpjdlog pkgbase: Create a FreeBSD-utilities package and make it the default one 2019-09-05 14:15:47 +00:00
libpmc libpmc: add support for POWER8/9 PMCs 2020-11-05 16:41:28 +00:00
libpmcstat pmcstat: fix PPC kernel symbol resolution 2020-11-05 16:47:23 +00:00
libproc Do a sweep and remove most WARNS=6 settings 2020-10-01 01:10:51 +00:00
libprocstat libprocstat.3: Correct two occurrences of kvm_getprocs to procstat_getprocs 2020-11-26 22:49:05 +00:00
libradius Fix a few mandoc issues 2020-10-09 19:12:44 +00:00
libregex libregex: implement \b and \B (word boundary, not word boundary) 2020-12-05 03:16:05 +00:00
librpcsec_gss Fix a few mandoc issues 2020-10-09 19:12:44 +00:00
librpcsvc Update Makefile.depend files 2019-12-11 17:37:53 +00:00
librss Update Makefile.depend files 2019-12-11 17:37:53 +00:00
librt pkgbase: Create a FreeBSD-utilities package and make it the default one 2019-09-05 14:15:47 +00:00
librtld_db librtld_db: Handle anonymous mappings below the first file mapping. 2020-06-05 18:44:14 +00:00
libsbuf Do a sweep and remove most WARNS=6 settings 2020-10-01 01:10:51 +00:00
libsdp Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libsecureboot veloader: insist on verifying .4th .lua etc 2020-08-21 00:27:06 +00:00
libsm Merge sendmail 8.16.1 to HEAD: See contrib/sendmail/RELEASE_NOTES for details 2020-07-15 18:28:54 +00:00
libsmb
libsmdb Merge sendmail 8.16.1 to HEAD: See contrib/sendmail/RELEASE_NOTES for details 2020-07-15 18:28:54 +00:00
libsmutil
libsqlite3 [PowerPC64LE] Pass our byte order to the sqlite3 build. 2020-09-23 02:17:44 +00:00
libssp libssp: don't compile with -fstack-protector* 2020-03-14 15:15:27 +00:00
libssp_nonshared Provide libssp based on libc 2020-01-04 20:19:25 +00:00
libstats Make use of the stats(3) framework in the TCP stack. 2019-12-02 20:58:04 +00:00
libstdbuf
libstdthreads Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libsysdecode libsysdecode: decode _UMTX_OP flags 2020-12-09 03:22:44 +00:00
libtacplus libtacplus: Remove bogus srandomdev+random 2019-12-13 05:11:34 +00:00
libtelnet
libthr Add CFI start/end proc directives to arm64, i386, and ppc 2020-12-05 00:33:28 +00:00
libthread_db Remove libthr, csu, libthread_db and testfloat sparc64 specific directories. 2020-02-27 04:44:58 +00:00
libucl Only set WARNS if not defined 2020-09-11 13:28:37 +00:00
libufs Update the libufs cgget() and cgput() interfaces to have a similar 2020-09-19 22:48:30 +00:00
libugidfw Deduplicate fsid comparisons 2020-05-21 01:55:35 +00:00
libulog Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libunbound MFV r361322: 2020-05-21 21:00:46 +00:00
libusb Fix a few mandoc issues 2020-10-09 19:12:44 +00:00
libusbhid USB HID descriptors may push/pop the current state to allow 2020-06-05 07:57:16 +00:00
libutil Change getlocalbase() to not allocate any heap memory 2020-12-12 11:23:52 +00:00
libveriexec Do not claim libbearssl et al are INTERNALLIB 2020-04-01 05:45:12 +00:00
libvgl Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libvmmapi Honor the disabled setting for MSI-X interrupts for passthrough devices. 2020-11-24 23:18:52 +00:00
libwrap Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libxo build: provide a default WARNS for all in-tree builds 2020-09-18 17:17:46 +00:00
liby
libypclnt Update Makefile.depend files 2019-12-11 17:37:53 +00:00
libz Generate zlib.pc from source. 2020-05-12 01:47:33 +00:00
libzstd pkgbase: Move libprivatezstd from utilities to runtime 2020-11-12 14:04:08 +00:00
msun Add CFI start/end proc directives to arm64, i386, and ppc 2020-12-05 00:33:28 +00:00
ncurses Pass the full CFLAGS to cpp for MKlib_gen.sh. 2020-08-03 17:53:15 +00:00
ofed build: provide a default WARNS for all in-tree builds 2020-09-18 17:17:46 +00:00
tests
Makefile flua: Add a libjail module 2020-10-24 17:08:59 +00:00
Makefile.inc build: provide a default WARNS for all in-tree builds 2020-09-18 17:17:46 +00:00