|
| 1 | +From 69d9bf472c805beb9c2b32e949e83be1c6f05b39 Mon Sep 17 00:00:00 2001 |
| 2 | +From: jykanase <v-jykanase@microsoft.com> |
| 3 | +Date: Mon, 17 Mar 2025 14:13:26 +0000 |
| 4 | +Subject: [PATCH] CVE-2024-2313 |
| 5 | +Source Link : https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 |
| 6 | +--- |
| 7 | + src/utils.cpp | 27 +++++++++++++++++++++++---- |
| 8 | + src/utils.h | 1 + |
| 9 | + 2 files changed, 24 insertions(+), 4 deletions(-) |
| 10 | + |
| 11 | +diff --git a/src/utils.cpp b/src/utils.cpp |
| 12 | +index 426644e..31e666f 100644 |
| 13 | +--- a/src/utils.cpp |
| 14 | ++++ b/src/utils.cpp |
| 15 | +@@ -110,7 +110,9 @@ const struct vmlinux_location vmlinux_locs[] = { |
| 16 | + { "/usr/lib/debug/lib/modules/%1$s/vmlinux", false }, |
| 17 | + { nullptr, false }, |
| 18 | + }; |
| 19 | +- |
| 20 | ++constexpr std::string_view PROC_KHEADERS_PATH = "/sys/kernel/kheaders.tar.xz"; |
| 21 | ++ |
| 22 | ++ |
| 23 | + static bool pid_in_different_mountns(int pid); |
| 24 | + static std::vector<std::string> |
| 25 | + resolve_binary_path(const std::string &cmd, const char *env_paths, int pid); |
| 26 | +@@ -503,6 +505,20 @@ bool is_dir(const std::string& path) |
| 27 | + return std_filesystem::is_directory(buf, ec); |
| 28 | + } |
| 29 | + |
| 30 | ++bool file_exists_and_ownedby_root(const char *f) |
| 31 | ++ { |
| 32 | ++ struct stat st; |
| 33 | ++ if (stat(f, &st) == 0) { |
| 34 | ++ if (st.st_uid != 0) { |
| 35 | ++ LOG(ERROR) << "header file ownership expected to be root: " |
| 36 | ++ << std::string(f); |
| 37 | ++ return false; |
| 38 | ++ } |
| 39 | ++ return true; |
| 40 | ++ } |
| 41 | ++ return false; |
| 42 | ++ } |
| 43 | ++ |
| 44 | + namespace { |
| 45 | + struct KernelHeaderTmpDir { |
| 46 | + KernelHeaderTmpDir(const std::string& prefix) : path{prefix + "XXXXXX"} |
| 47 | +@@ -535,14 +551,14 @@ namespace { |
| 48 | + { |
| 49 | + std::error_code ec; |
| 50 | + std_filesystem::path path_prefix{ "/tmp" }; |
| 51 | +- std_filesystem::path path_kheaders{ "/sys/kernel/kheaders.tar.xz" }; |
| 52 | ++ std_filesystem::path path_kheaders{ PROC_KHEADERS_PATH }; |
| 53 | + if (const char* tmpdir = ::getenv("TMPDIR")) { |
| 54 | + path_prefix = tmpdir; |
| 55 | + } |
| 56 | + path_prefix /= "kheaders-"; |
| 57 | + std_filesystem::path shared_path{ path_prefix.string() + utsname.release }; |
| 58 | + |
| 59 | +- if (std_filesystem::exists(shared_path, ec)) |
| 60 | ++ if (file_exists_and_ownedby_root(shared_path.c_str())) |
| 61 | + { |
| 62 | + // already unpacked |
| 63 | + return shared_path.string(); |
| 64 | +@@ -566,7 +582,10 @@ namespace { |
| 65 | + |
| 66 | + KernelHeaderTmpDir tmpdir{path_prefix}; |
| 67 | + |
| 68 | +- FILE* tar = ::popen(("tar xf /sys/kernel/kheaders.tar.xz -C " + tmpdir.path).c_str(), "w"); |
| 69 | ++ FILE *tar = ::popen(("tar xf " + std::string(PROC_KHEADERS_PATH) + " -C " + |
| 70 | ++ tmpdir.path) |
| 71 | ++ .c_str(), |
| 72 | ++ "w"); |
| 73 | + if (!tar) { |
| 74 | + return ""; |
| 75 | + } |
| 76 | +diff --git a/src/utils.h b/src/utils.h |
| 77 | +index 9b96be9..103af0d 100644 |
| 78 | +--- a/src/utils.h |
| 79 | ++++ b/src/utils.h |
| 80 | +@@ -156,6 +156,7 @@ std::vector<std::string> get_wildcard_tokens(const std::string &input, |
| 81 | + std::vector<int> get_online_cpus(); |
| 82 | + std::vector<int> get_possible_cpus(); |
| 83 | + bool is_dir(const std::string &path); |
| 84 | ++bool file_exists_and_ownedby_root(const char *f); |
| 85 | + std::tuple<std::string, std::string> get_kernel_dirs( |
| 86 | + const struct utsname &utsname, |
| 87 | + bool unpack_kheaders); |
| 88 | +-- |
| 89 | +2.45.2 |
| 90 | + |
0 commit comments