kernel/posix: passing bad arguments to sys_unlink results in Page Fault in kernel #976

Open
badochov opened this issue Jan 22, 2024 · 0 comments · May be fixed by phoenix-rtos/phoenix-rtos-kernel#606
Labels: bug, kernel

@badochov

This simple application results in a Page Fault in the kernel:

```c
#include <stdio.h>

int main(void)
{
	/* 0x1 to prevent potential NULL checks. */
	sys_unlink(0x1);

	return 0;
}
```

Reason:
`posix_unlink` uses `lib_strdup`, which uses `hal_strlen`, which is the root cause of this problem.
https://github.com/phoenix-rtos/phoenix-rtos-kernel/blob/383558e87fff7ed92f6966449b85ac8f10ac3862/hal/ia32/string.c#L90
`hal_strlen` doesn't check the pointer passed to it in any way and just accesses subsequent bytes until it encounters a NUL byte. Moreover, passing a pathname without a NUL byte may also result in a page fault if there is no NUL byte before the end of the mapped space.
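
An added example, not part of the original issue and not Phoenix-RTOS code: a user-space C model of the check the report says `hal_strlen` lacks, validating the pointer against a mapping and bounding the NUL scan. `user_map_t`, `checked_strnlen`, `demo_case` and `PATH_LIMIT` are hypothetical names, and the static buffer is a constructed stand-in for a mapped user page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATH_LIMIT 16 /* constructed small limit for the demo */

/* Hypothetical model of one user mapping: [start, start + size). */
typedef struct { uintptr_t start; size_t size; } user_map_t;

/* Length of the string at uaddr, or -1 if uaddr is outside the mapping or no
 * NUL byte occurs before the end of the mapping / PATH_LIMIT bytes. */
long checked_strnlen(const user_map_t *map, uintptr_t uaddr)
{
	size_t avail, max, i;
	const char *p = (const char *)uaddr;
	if (uaddr < map->start || uaddr - map->start >= map->size)
		return -1; /* e.g. the 0x1 argument from the report */
	avail = map->size - (size_t)(uaddr - map->start);
	max = (avail < PATH_LIMIT) ? avail : PATH_LIMIT;
	for (i = 0; i < max; i++) {
		if (p[i] == '\0')
			return (long)i;
	}
	return -1; /* unterminated within the readable range */
}

/* Constructed stand-in for a mapped user page; runs the three cases. */
long demo_case(int which)
{
	static char page[32];
	user_map_t map = { (uintptr_t)page, sizeof(page) };
	memset(page, 'A', sizeof(page)); /* no NUL anywhere */
	if (which == 0) { /* valid, terminated path */
		memcpy(page, "/tmp/a", 7);
		return checked_strnlen(&map, (uintptr_t)page);
	}
	if (which == 1) /* bogus pointer, as in the reproducer */
		return checked_strnlen(&map, (uintptr_t)0x1);
	/* which == 2: last 8 bytes of the page, no NUL before the mapping ends */
	return checked_strnlen(&map, (uintptr_t)(page + 24));
}

int main(void)
{
	printf("%ld %ld %ld\n", demo_case(0), demo_case(1), demo_case(2));
	return 0;
}
```

Both failure modes from the report (an unmapped pointer and a path with no NUL before the end of the mapping) return an error here instead of reading past readable memory.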
