test: avoid failing RunTest if pcre2test -S is not supported#37
Merged
Conversation
If `pcre2test -S` is not supported then then avoid checking for it in a test. There is already a conditional check for it to be used when it is needed and it is available, so adjust that as well.
Minix 3 has a BSD userspace and now works fine, but Haiku still doesn't support stack limits, so update accordingly.
PhilipHazel
added a commit
that referenced
this pull request
Nov 9, 2021
minipli-oss
added a commit
to minipli-oss/pcre2
that referenced
this pull request
Nov 8, 2022
In create_tempfile() we look for a suitable place to put the temporary
file into and, among others, look at $TMPDIR. If the value of this
environment variable exceeds the bounds of the local tmp_name[] buffer,
we ignore it. However, we still change the value of 'tmp_name_len' which
leads to follow-up errors.
On debug builds this can lead to hitting the assertion as can be seen
below:
$ TMPDIR=$(perl -e 'print "A"x1024') ./bin/array_access
Assertion failed at sljit_src/sljitProtExecAllocator.c:147
Aborted
For non-debug builds, however, this can lead to a memory corruption, by
abusing the fact that we change a trailing '/' to '\0' later on. With a
sufficiently high enough value for 'tmp_name_len' this can corrupt stack
frames up in the call chain.
Fix this by setting 'tmp_name_len' only if value it is based on is found
to be valid -- just like it was prior to commit 98323bd82218.
Fixes: 98323bd82218 ("protexec: refactor create_tempfile() (PCRE2Project#37)")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
minipli-oss
added a commit
to minipli-oss/pcre2
that referenced
this pull request
Dec 16, 2022
In create_tempfile() we look for a suitable place to put the temporary
file into and, among others, look at $TMPDIR. If the value of this
environment variable exceeds the bounds of the local tmp_name[] buffer,
we ignore it. However, we still change the value of 'tmp_name_len' which
leads to follow-up errors.
On debug builds this can lead to hitting the assertion as can be seen
below:
$ TMPDIR=$(perl -e 'print "A"x1024') ./bin/array_access
Assertion failed at sljit_src/sljitProtExecAllocator.c:147
Aborted
For non-debug builds, however, this can lead to a memory corruption, by
abusing the fact that we change a trailing '/' to '\0' later on. With a
sufficiently high enough value for 'tmp_name_len' this can corrupt stack
frames up in the call chain.
Fix this by setting 'tmp_name_len' only if value it is based on is found
to be valid -- just like it was prior to commit 98323bd82218.
Fixes: 98323bd82218 ("protexec: refactor create_tempfile() (PCRE2Project#37)")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If
pcre2test -Sis not supported then avoid checking for itin a test.
There is already a conditional check for it to be used when it is
needed and it is available, so adjust that as well.
While at it, update the list of platforms that don't support it.