Module Name: src
Committed By: pgoyette
Date: Mon Apr 8 11:32:49 UTC 2019
Modified Files:
src/sys/kern: kern_module.c
src/sys/sys: module.h
Log Message:
Improve kernel module validation. First, set a limit on how much of the
module name field to check when validating the name's length. Second, check
the module's mi_class to ensure it is valid.
Update the comment in sys/module.h to indicate that the module classes
are now being validated.
To generate a diff of this commit:
cvs rdiff -u -r1.133 -r1.134 src/sys/kern/kern_module.c
cvs rdiff -u -r1.45 -r1.46 src/sys/sys/module.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_module.c
diff -u src/sys/kern/kern_module.c:1.133 src/sys/kern/kern_module.c:1.134
--- src/sys/kern/kern_module.c:1.133 Sun Jan 27 02:08:43 2019
+++ src/sys/kern/kern_module.c Mon Apr 8 11:32:49 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_module.c,v 1.133 2019/01/27 02:08:43 pgoyette Exp $ */
+/* $NetBSD: kern_module.c,v 1.134 2019/04/08 11:32:49 pgoyette Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.133 2019/01/27 02:08:43 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.134 2019/04/08 11:32:49 pgoyette Exp $");
#define _MODULE_INTERNAL
@@ -1090,12 +1090,19 @@ module_do_load(const char *name, bool is
* Check compatibility.
*/
mi = mod->mod_info;
- if (strlen(mi->mi_name) >= MAXMODNAME) {
+ if (strnlen(mi->mi_name, MAXMODNAME) >= MAXMODNAME) {
error = EINVAL;
module_error("module name `%s' longer than %d", mi->mi_name,
MAXMODNAME);
goto fail;
}
+ if (mi->mi_class <= MODULE_CLASS_ANY ||
+ mi->mi_class >= MODULE_CLASS_MAX) {
+ error = EINVAL;
+ module_error("module `%s' has invalid class %d",
+ mi->mi_name, mi->mi_class);
+ goto fail;
+ }
if (!module_compatible(mi->mi_version, __NetBSD_Version__)) {
module_error("module `%s' built for `%d', system `%d'",
mi->mi_name, mi->mi_version, __NetBSD_Version__);
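Review bot: The `module_error()` call on the oversize-name path still formats `mi->mi_name` with an unbounded `%s`, so the read that `strnlen()` now caps at MAXMODNAME bytes is repeated without a cap when the message is printed. If the name really is unterminated or overlong, that call can read past the end of the data and put whatever follows into the log. Bounding the conversion keeps the diagnostic and closes the gap, assuming the kernel printf honours a `*` precision: `module_error("module name `%.*s' longer than %d", MAXMODNAME, mi->mi_name, MAXMODNAME);`. The `%s` in the new class check is fine because the name length has been validated by then. `module_do_load()` begins and ends outside this hunk, so any earlier use of `mi_name` is not visible here.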
Index: src/sys/sys/module.h
diff -u src/sys/sys/module.h:1.45 src/sys/sys/module.h:1.46
--- src/sys/sys/module.h:1.45 Mon Apr 8 11:02:58 2019
+++ src/sys/sys/module.h Mon Apr 8 11:32:49 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: module.h,v 1.45 2019/04/08 11:02:58 pgoyette Exp $ */
+/* $NetBSD: module.h,v 1.46 2019/04/08 11:32:49 pgoyette Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
#define MAXMODNAME 32
#define MAXMODDEPS 10
-/* Module classes, provided only for system boot and cosmetic purposes. */
+/* Module classes, provided only for system boot and module validation. */
typedef enum modclass {
MODULE_CLASS_ANY,
MODULE_CLASS_MISC,