From nobody Sat Nov 15 09:30:20 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d7pdS47pxz6HRbL; Sat, 15 Nov 2025 09:30:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4d7pdS3WH1z3YSF; Sat, 15 Nov 2025 09:30:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1763199020; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6teivlivKAc3JDGjbVHp8iSvBu7yqO2RFYmaFnohpIE=; b=JDNzCVb557sm5yoC+asO8GmcTHFQl2Qa6wzMbKwz8/ROGsSac0GzzMK6nfkMS0A56vskrC JJvKEmzxJCiDjL7ezzjITTklBfIb/htSi4JNa425zKoO5O5S9NQhn+rzgwDbop7XA5+/gs ESVgH3ZGZX/VJY0TnsnLKeF5X9PntuvlH2YZdDFqy/DCKQxCogxdznOf8DPGVM7k8Zaul/ H1sjapQJZ5bAvzKqZ9S+0Y31v4IwJ173e6IKnxEjPAuW2o0znPT16SnzMVJmubdqDr10jr z55/gR2w9QqjWwcQlLxtMJtuRnvzJaGvT3GLo9DbCDe7si1oew6PpsiX9TGntg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1763199020; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6teivlivKAc3JDGjbVHp8iSvBu7yqO2RFYmaFnohpIE=; b=HDocNkl4wNUTDaWM58xuGeu3fTQ9jLOd5dBU2JgD+0ZGUVKYpYSTkzAm5EGcMPtqx1FL0p Y/LsWasMc0W7BNb48sdMqJNdFuFwRKseTxXNmEDX1DQrmBxKTjaRzibTJieyenmdQrxyuI XbsmN0NudLHR2CQewAzPkP4nN7IKgSWPw86tSS3B9Ka79lir7zqVux5SE0FO7jEn3xlRso eVh+/vaNzMX1N8+j+Ec7gLttMhmzxdCAcy4iQLM2INVRmOhSLxsGO8TNQrfiq4vEgJ9PNs 8/IpAdB18YBfJhJjz5KI9c5HftJUbApcbSD9pyzF6zM8l15Qt731NGZoWk3KxQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1763199020; a=rsa-sha256; cv=none; b=hp04DENljsm9AlY5XaI2kxR3ZES0v0/NeETuHo+m3P89+ISeYQ3ckka+wWpxxspdOiKUw4 FZRECkFZePvm4bKiltSQznvHAT5kcImGBcRC2swYi/xZsQmB/6nKXsGkRtE73W5+HsyOCY ngxWqUge4iQfldxB22E+oCaLKKWySukrZqcQuFo6FZ9ZHVS3b2GdllFk/FtwpoEfDqU2Bt JZVicxoqDQBL37Ly2fTYtBF3o3nvzVxLnGJm36jwktj2/9i1cf1Q6U3dr4TtJIzc57L2nV x5+lQuQcO9XWRxFqycYY0mpzToUS4kiXsYamFt/xIqNjw8WiBiFFcOiISC+KJQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d7pdS36yGznDL; Sat, 15 Nov 2025 09:30:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5AF9UKke092050; Sat, 15 Nov 2025 09:30:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5AF9UKAZ092048; Sat, 15 Nov 2025 09:30:20 GMT (envelope-from git) Date: Sat, 15 Nov 2025 09:30:20 GMT Message-Id: <202511150930.5AF9UKAZ092048@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 4872b48b175c - main - setcred(): Fix 32-bit compatibility copy-in List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4872b48b175cc637ee38f645d68b8207d9335474 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=4872b48b175cc637ee38f645d68b8207d9335474 commit 4872b48b175cc637ee38f645d68b8207d9335474 Author: Olivier Certner AuthorDate: 2025-11-14 20:20:12 +0000 Commit: Olivier Certner CommitDate: 2025-11-15 09:29:49 +0000 setcred(): Fix 32-bit compatibility copy-in For 32-bit processes on 64-bit architectures, a difference of 'int' pointers was wrongly used as a number of bytes to copy in a memcpy() used to internally construct a 64-bit 'struct setcred' from the 32-bit variant, leading to copying only part of the 32-bit structure, and thus to requesting credentials with garbage IDs except for the real and effective user IDs. This bug was spotted by jhb@, who produced a slightly more invasive fix in D53757 (a switch to using CP() on all fields). In the interest of minimizing the diff for possible inclusion in 15.0, the commit here just limits itself to fixing the number of bytes to copy. Tested successfully on a VM with 32-bit mdo(1) (and in passing also tested that the same executable on a kernel without this change exhibits the bug in practice, in the form of setcred() failing with EINVAL). Reported by: jhb Reviewed by: jhb Fixes: ddb3eb4efe55 ("New setcred() system call and associated MAC hooks") MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D53767 --- sys/kern/kern_prot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 06696612f8c4..81099aa7d28d 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -603,8 +603,8 @@ user_setcred(struct thread *td, const u_int flags, if (error != 0) return (error); /* These fields have exactly the same sizes and positions. */ - memcpy(&wcred, &wcred32, &wcred32.setcred32_copy_end - - &wcred32.setcred32_copy_start); + memcpy(&wcred, &wcred32, __rangeof(struct setcred32, + setcred32_copy_start, setcred32_copy_end)); /* Remaining fields are pointers and need PTRIN*(). */ PTRIN_CP(wcred32, wcred, sc_supp_groups); PTRIN_CP(wcred32, wcred, sc_label);