Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

syscall: ParseDirent is unsafe #15653

Closed
neild opened this issue May 11, 2016 · 3 comments
Closed

syscall: ParseDirent is unsafe #15653

neild opened this issue May 11, 2016 · 3 comments
Labels
FrozenDueToAge Security
Milestone
Go1.8

Comments

@neild
Copy link
Contributor

neild commented May 11, 2016

syscall.ParseDirent does not sufficiently validate its inputs to avoid crashes or returning uninitialized memory to the caller (via unsafe use of unsafe).

e.g., from syscall_linux.go:

func ParseDirent(buf []byte, max int, names []string) (consumed int, count int, newnames []string) {
        origlen := len(buf)
        count = 0
        for max != 0 && len(buf) > 0 { // <-- should check to see if len(buf) >= sizeof(Dirent) 
                dirent := (*Dirent)(unsafe.Pointer(&buf[0]))
                buf = buf[dirent.Reclen:] // <-- should validate dirent.Reclen isn't out of bound 
                if dirent.Ino == 0 { // File absent in directory.
                        continue
                }
                bytes := (*[10000]byte)(unsafe.Pointer(&dirent.Name[0]))
                var name = string(bytes[0:clen(bytes[:])]) // <-- should make sure this doesn't read more than dirent.Reclen
                if name == "." || name == ".." { // Useless names
                        continue
                }
                max--
                count++
                names = append(names, name)
        }
        return origlen - len(buf), count, names
}
@bradfitz bradfitz changed the title syscall.ParseDirent is unsafe syscall: ParseDirent is unsafe May 11, 2016
@bradfitz bradfitz added this to the Go1.7 milestone May 11, 2016
@harshavardhana harshavardhana mentioned this issue May 11, 2016
Closed
@bradfitz
Copy link
Contributor

Nice.

@rsc rsc modified the milestones: Go1.8, Go1.7 May 18, 2016
@neild neild self-assigned this Jun 3, 2016
@gopherbot
Copy link

CL https://golang.org/cl/23780 mentions this issue.

@bradfitz bradfitz mentioned this issue Jul 22, 2016
Closed
@hirochachacha hirochachacha mentioned this issue Aug 11, 2016
Closed
@cespare cespare mentioned this issue Mar 29, 2017
Closed
@gopherbot
Copy link

CL https://golang.org/cl/38758 mentions this issue.

gopherbot pushed a commit to golang/sys that referenced this issue Mar 29, 2017
@bradfitz
unix: validate ParseDirent inputs
9a7256c 
This is a copy of https://golang.org/cl/23780 for the x/sys repo.

Don't panic, crash, or return references to uninitialized memory when 
ParseDirent is passed invalid input.

Updates golang/go#15653
Fixes golang/go#19754

Change-Id: Idb7cffe14d48ed662e5a55ecb5249c1907cf4003
Reviewed-on: https://go-review.googlesource.com/38758
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@golang golang locked and limited conversation to collaborators Mar 29, 2018
@rsc rsc unassigned neild Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Security
Projects
None yet
Milestone
Go1.8
Development

No branches or pull requests
4 participants
@bradfitz @neild @rsc @gopherbot