From 2b5520da4728c87216b94f548f24adea085df4dc Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Thu, 24 Oct 2019 18:28:23 +0200
Subject: [PATCH] MINOR: cli/debug: validate addresses using may_access() in "debug dev stream"

This function adds some control by verifying that the target address is really readable. It will not protect against writing to wrong places, but will at least protect against a large number of mistakes such as incorrectly copy-pasted addresses.
---
 src/debug.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/debug.c b/src/debug.c
index f9acdbff1..ebb95c7e0 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -460,14 +460,14 @@ static int debug_parse_cli_stream(char **args, char *payload, struct appctx *app
 } else if (isteq(name, ist("sib.s"))) {
 ptr = &s->si[1].state; size = sizeof(s->si[1].state);
 } else if (isteq(name, ist("wake"))) {
- if (s)
+ if (s && may_access(s) && may_access((void *)s + sizeof(*s) - 1))
 task_wakeup(s->task, TASK_WOKEN_TIMER|TASK_WOKEN_IO|TASK_WOKEN_MSG);
 continue;
 } else
 return cli_dynerr(appctx, memprintf(&msg, "Unsupported field name: '%s'.\n", word));

 /* read previous value */
- if (s && ptr) {
+ if ((s || ptr == &s) && ptr && may_access(ptr) && may_access(ptr + size - 1)) {
 if (size == 8)
 old = read_u64(ptr);
 else if (size == 4)
@@ -476,6 +476,11 @@ static int debug_parse_cli_stream(char **args, char *payload, struct appctx *app
 old = read_u16(ptr);
 else
 old = *(const uint8_t *)ptr;
+ } else {
+ memprintf(&msg,
+ "%sSkipping inaccessible pointer %p for field '%.*s'.\n",
+ msg ? msg : "", ptr, (int)(end - word), word);
+ continue;
 }

 /* parse the new value . */
@@ -517,7 +522,7 @@ static int debug_parse_cli_stream(char **args, char *payload, struct appctx *app
 }

 /* write the new value */
- if (s && ptr && new != old) {
+ if (new != old) {
 if (size == 8)
 write_u64(ptr, new);
 else if (size == 4)
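Review bot: In the "wake" branch, `s->task` is still followed unchecked: the new guard only shows that the first and last byte of `*s` are readable, so a readable but wrong address yields an arbitrary `task` pointer that task_wakeup() then uses. Consider testing it as well, e.g. `if (s && may_access(s) && may_access((void *)s + sizeof(*s) - 1) && may_access(s->task))`. When the check fails this branch simply continues with no message, unlike the field path, which reports the skipped pointer. The enclosing function starts and ends outside the hunk.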
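Review bot: The new `else` prints "Skipping inaccessible pointer" for every way the read condition in the previous hunk can fail, including `s` being NULL with a field other than the stream pointer itself, so the operator cannot tell "no stream selected" from "address not readable". In that case the printed `ptr` would presumably be just a field offset from NULL. A separate message for the `!s` case, or at least a comment such as `/* also reached when no stream pointer was set */`, would make the output easier to interpret.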
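Review bot: The write is now guarded only by `new != old`, and nothing at this spot says why `s` and `ptr` no longer need checking, or that the earlier may_access() test covers readability only, as the commit message notes. A comment above the `if`, e.g. `/* ptr was checked readable above (the else branch continues); writability is not verified */`, would keep a later edit from treating this path as validated for writes. The check and the write are also not atomic, so if streams can be released concurrently the address may have changed state in between; that is an inference, since the surrounding code is not visible here.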