
Ensure log buffer bounds

This change adds checks in `TagLenValue.write()` to ensure that the size
of written data doesn't exceed the buffer size.

Verifier in recent kernel versions requires the bound to be a constant
value, so using `buf.len()` does not work.

Signed-off-by: Michal Rostecki <[email protected]>
Michal Rostecki 2 years ago
parent
commit
2e07028
1 changed files with 8 additions and 1 deletions
  1. 8 1
      aya-log/aya-log-common/src/lib.rs

+ 8 - 1
aya-log/aya-log-common/src/lib.rs

@@ -90,7 +90,9 @@ where
 
     pub(crate) fn write(&self, mut buf: &mut [u8]) -> Result<usize, ()> {
         let size = mem::size_of::<T>() + mem::size_of::<usize>() + self.value.len();
-        if buf.len() < size {
+        // The verifier rejects the program if it can't see that `size` doesn't
+        // exceed the buffer size.
+        if size > LOG_BUF_CAPACITY {
             return Err(());
         }
 
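Review bot: The new guard `if size > LOG_BUF_CAPACITY` no longer consults `buf.len()`, so a caller that passes a slice shorter than `LOG_BUF_CAPACITY` (callers are not visible here, so this is an assumption to confirm) now gets past the check that used to reject it. The slicing and header writes between the two hunks would then depend on the slice's own bounds checks rather than on this early return. Keeping a constant bound for the verifier while still honouring the real slice could look like `let remaining = cmp::min(buf.len(), LOG_BUF_CAPACITY);` followed by `if size > remaining { return Err(()); }`, though whether the verifier accepts that form needs confirming on the target kernels. The body of `write` continues outside this hunk.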
@@ -101,6 +103,11 @@ where
         buf = &mut buf[mem::size_of::<usize>()..];
 
         let len = cmp::min(buf.len(), self.value.len());
+        // The verifier rejects the program if it can't see that `size` doesn't
+        // exceed the buffer size.
+        if len > LOG_BUF_CAPACITY {
+            return Err(());
+        }
         buf[..len].copy_from_slice(&self.value[..len]);
         Ok(size)
     }
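Review bot: The comment above `if len > LOG_BUF_CAPACITY` names `size`, but the value being bounded there is `len`; a comment such as `// The verifier needs a constant upper bound on len before the copy below.` would match the code. Separately, with the `buf.len()` comparison removed in the first hunk, `cmp::min(buf.len(), self.value.len())` can now yield a `len` smaller than `self.value.len()`, yet the function still returns `Ok(size)`. The caller is then told that more bytes were written than the copy actually wrote, and a caller that advances its offset by that value would step over unwritten bytes. Returning `Err(())` when `len < self.value.len()` would keep the reported length accurate. The start of `write` lies outside this hunk.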