Sat Feb 22 00:24:15 2020 UTC ()

Avoid undefined behavior in get_modstat_info

t_modctl.c:114:16, member access within misaligned address 0x71bf5bcede84
for type 'struct modstat_t'

t_modctl.c:116:13, load of misaligned address 0x7e81bc3c9104 for type
'struct modstat_t' which requires 8 byte alignment


(kamil)

diff -r1.14 -r1.15 src/tests/modules/t_modctl.c

--- src/tests/modules/t_modctl.c 2019/04/21 11:45:09	1.14
+++ src/tests/modules/t_modctl.c 2020/02/22 00:24:15	1.15

 @@ -1,14 +1,14 @@
-/*	$NetBSD: t_modctl.c,v 1.14 2019/04/21 11:45:09 maya Exp $	*/
+/*	$NetBSD: t_modctl.c,v 1.15 2020/02/22 00:24:15 kamil Exp $	*/
 /*
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
 @@ -17,27 +17,27 @@
  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: t_modctl.c,v 1.14 2019/04/21 11:45:09 maya Exp $");
+__KERNEL_RCSID(0, "$NetBSD: t_modctl.c,v 1.15 2020/02/22 00:24:15 kamil Exp $");
 #include <sys/module.h>
 #include <sys/sysctl.h>
 #include <assert.h>
 #include <errno.h>
 #include <stdarg.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <prop/proplib.h>
 @@ -77,53 +77,55 @@ check_permission(void)
 		atf_tc_skip("Module loading administratively forbidden");
 	ATF_REQUIRE_EQ_MSG(errno, 0, "unexpected error %d from "
 	    "modctl(MODCTL_EXISTS, 0)", errno);
+}
 static bool
 get_modstat_info(const char *name, modstat_t *msdest)
+{
 	bool found;
 	size_t len;
 	int count;
 	struct iovec iov;
 	modstat_t *ms;
 	modstat_t m;
 	check_permission();
 	for (len = 8192; ;) {
 		iov.iov_base = malloc(len);
 		iov.iov_len = len;
 		errno = 0;
 		if (modctl(MODCTL_STAT, &iov) != 0) {
 			int err = errno;
 			fprintf(stderr, "modctl(MODCTL_STAT) failed: %s\n",
 			    strerror(err));
 			atf_tc_fail("Failed to query module status");
+		}
 		if (len >= iov.iov_len)
 			break;
 		free(iov.iov_base);
 		len = iov.iov_len;
+	}
 	found = false;
 	count = *(int *)iov.iov_base;
 	ms = (modstat_t *)((char *)iov.iov_base + sizeof(int));
 	while ( count ) {
-		if (strcmp(ms->ms_name, name) == 0) {
+		memcpy(&m, ms, sizeof(m));
 		if (strcmp(m.ms_name, name) == 0) {
 			if (msdest != NULL)
-				*msdest = *ms;
+				memcpy(msdest, &m, sizeof(*msdest));
 			found = true;
 			break;
+		}
 		ms++;
 		count--;
+	}
 	free(iov.iov_base);
 	return found;
+}
 /*