git: 6d94fc2b0db9 - releng/13.2 - compiler-rt: avoid segfaults when re-exec'ing with ASLR

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Tue, 05 Dec 2023 18:22:03 UTC
The branch releng/13.2 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=6d94fc2b0db9c2f0b0d5b116513d745122bc37c4

commit 6d94fc2b0db9c2f0b0d5b116513d745122bc37c4
Author:     Dimitry Andric <dim@FreeBSD.org>
AuthorDate: 2023-11-22 18:23:06 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-12-05 18:20:00 +0000

    compiler-rt: avoid segfaults when re-exec'ing with ASLR
    
    The ReExec() function that re-executes the binary after
    turning off ASLR should not call elf_aux_info(3) and realpath(3), since
    these will also be intercepted. Instead, loop directly over the elf aux
    info vector to find the executable path, and avoid calling realpath(3)
    since it is actually unwanted for this use case.
    
    Fixes:          930a7c2ac67e, 96fe7c8ab0f6
    
    (cherry picked from commit 4c9a0adad18263ec8725d9bfc5f560c6ad1da8bd)
    (cherry picked from commit 7c25a53a2cb975e516cfea78898bfb850db88524)
    
    Note: This is a partial cherry-pick, as only the ReExec change from the
    original applies to FreeBSD 13.2.
    
    Security:       EN-23:15.sanitizer
    Approved by:    so
---
 .../lib/sanitizer_common/sanitizer_linux_libcdep.cpp          | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
index 15a6a4998bd0..6e2c51ea3e8d 100644
--- a/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
+++ b/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp
@@ -55,6 +55,7 @@
 // that, it was never implemented. So just define it to zero.
 #undef MAP_NORESERVE
 #define MAP_NORESERVE 0
+extern const Elf_Auxinfo *__elf_aux_vector;
 #endif
 
 #if SANITIZER_NETBSD
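Review bot: The `extern const Elf_Auxinfo *__elf_aux_vector;` declaration added just before the `#endif` has no comment saying why the runtime reads this variable directly instead of calling elf_aux_info(3). The reason is given only in the commit message (the call is intercepted), so a one-line comment above the declaration would keep a later cleanup from switching back to the intercepted call.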
@@ -905,11 +906,11 @@ void ReExec() {
   const char *pathname = "/proc/self/exe";
 
 #if SANITIZER_FREEBSD
-  char exe_path[PATH_MAX];
-  if (elf_aux_info(AT_EXECPATH, exe_path, sizeof(exe_path)) == 0) {
-    char link_path[PATH_MAX];
-    if (realpath(exe_path, link_path))
-      pathname = link_path;
+  for (const auto *aux = __elf_aux_vector; aux->a_type != AT_NULL; aux++) {
+    if (aux->a_type == AT_EXECPATH) {
+      pathname = static_cast<const char *>(aux->a_un.a_ptr);
+      break;
+    }
   }
 #elif SANITIZER_NETBSD
   static const int name[] = {
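Review bot: The new loop in ReExec() dereferences `__elf_aux_vector` (`aux->a_type`) without checking the pointer for null, and it assigns `aux->a_un.a_ptr` to `pathname` without checking that the entry's pointer is non-null. Consider guarding both, for example `if (__elf_aux_vector)` around the loop and `if (aux->a_type == AT_EXECPATH && aux->a_un.a_ptr)` for the match, so that a missing vector or an empty entry leaves `pathname` at its `"/proc/self/exe"` default rather than faulting during re-exec or handing a null path onward.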