From 3d6b65a7d3d1d2b24abd0cf8d62959479eae7434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Desbiens?= Date: Mon, 14 Jul 2025 16:58:01 -0400 Subject: [PATCH] Merged fixes for advisories GHSA-76hh-wrj5-hr2v and GHSA-wcfg-5jpf-hhxq provided by Bill Lamie. --- .../inc/txm_module_manager_util.h | 17 +- .../src/txm_module_manager_util.c | 170 +++++++++++++++++- 2 files changed, 170 insertions(+), 17 deletions(-) diff --git a/common_modules/module_manager/inc/txm_module_manager_util.h b/common_modules/module_manager/inc/txm_module_manager_util.h index bf971049..2dc49f77 100644 --- a/common_modules/module_manager/inc/txm_module_manager_util.h +++ b/common_modules/module_manager/inc/txm_module_manager_util.h @@ -25,7 +25,7 @@ /* COMPONENT DEFINITION RELEASE */ /* */ /* txm_module_manager_util.h PORTABLE C */ -/* 6.3.0 */ +/* 6.4.3 */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -46,6 +46,10 @@ /* 10-31-2023 Tiejun Zhou Modified comment(s) and */ /* improved object check, */ /* resulting in version 6.3.0 */ +/* xx-xx-2025 William E. Lamie Modified comment(s) and */ +/* improved object pointer use */ +/* and creation checking, */ +/* resulting in version 6.4.3 */ /* */ /**************************************************************************/ @@ -102,16 +106,11 @@ /* Kernel objects should be outside the module at the very least. */ #define TXM_MODULE_MANAGER_PARAM_CHECK_OBJECT_FOR_USE(module_instance, obj_ptr, obj_size) \ - (TXM_MODULE_MANAGER_ENSURE_OUTSIDE_MODULE(module_instance, obj_ptr, obj_size) || \ - (_txm_module_manager_created_object_check(module_instance, (void *)obj_ptr) == TX_FALSE) || \ - ((void *) (obj_ptr) == TX_NULL)) + (_txm_module_manager_param_check_object_for_use(module_instance, obj_ptr, obj_size)) /* When creating an object, the object must be inside the object pool. */ #define TXM_MODULE_MANAGER_PARAM_CHECK_OBJECT_FOR_CREATION(module_instance, obj_ptr, obj_size) \ - ((TXM_MODULE_MANAGER_ENSURE_INSIDE_OBJ_POOL(module_instance, obj_ptr, obj_size) && \ - (_txm_module_manager_object_size_check(obj_ptr, obj_size) == TX_SUCCESS)) || \ - (_txm_module_manager_created_object_check(module_instance, (void *)obj_ptr) == TX_FALSE) || \ - ((void *) (obj_ptr) == TX_NULL)) + (_txm_module_manager_param_check_object_for_creation(module_instance, obj_ptr, obj_size)) /* Strings we dereference can be in RW/RO/Shared areas. */ #define TXM_MODULE_MANAGER_PARAM_CHECK_DEREFERENCE_STRING(module_instance, string_ptr) \ @@ -136,6 +135,8 @@ UINT _txm_module_manager_object_memory_check(TXM_MODULE_INSTANCE *module_inst UINT _txm_module_manager_object_size_check(ALIGN_TYPE object_ptr, ULONG object_size); UINT _txm_module_manager_object_name_compare(CHAR *object_name1, UINT object_name1_length, CHAR *object_name2); UCHAR _txm_module_manager_created_object_check(TXM_MODULE_INSTANCE *module_instance, void *object_ptr); +UINT _txm_module_manager_param_check_object_for_creation(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size); +UINT _txm_module_manager_param_check_object_for_use(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size); UINT _txm_module_manager_util_code_allocation_size_and_alignment_get(TXM_MODULE_PREAMBLE *module_preamble, ULONG *code_alignment_dest, ULONG *code_allocation_size_dest); #endif diff --git a/common_modules/module_manager/src/txm_module_manager_util.c b/common_modules/module_manager/src/txm_module_manager_util.c index 23a989ac..0e5abe5e 100644 --- a/common_modules/module_manager/src/txm_module_manager_util.c +++ b/common_modules/module_manager/src/txm_module_manager_util.c @@ -104,7 +104,7 @@ UINT _txm_module_manager_object_memory_check(TXM_MODULE_INSTANCE *module_instan /* FUNCTION RELEASE */ /* */ /* _txm_module_manager_created_object_check PORTABLE C */ -/* 6.1 */ +/* 6.1x */ /* AUTHOR */ /* */ /* Scott Larson, Microsoft Corporation */ @@ -137,6 +137,10 @@ UINT _txm_module_manager_object_memory_check(TXM_MODULE_INSTANCE *module_instan /* DATE NAME DESCRIPTION */ /* */ /* 09-30-2020 Scott Larson Initial Version 6.1 */ +/* xx-xx-2025 William E. Lamie Modified comment(s), and */ +/* removed module local memory */ +/* check, resulting in */ +/* version 6.1x */ /* */ /**************************************************************************/ UCHAR _txm_module_manager_created_object_check(TXM_MODULE_INSTANCE *module_instance, VOID *object_ptr) @@ -144,15 +148,9 @@ UCHAR _txm_module_manager_created_object_check(TXM_MODULE_INSTANCE *module_insta TXM_MODULE_ALLOCATED_OBJECT *allocated_object_ptr; - /* Determine if the socket control block is inside the module. */ - if ( (((CHAR *) object_ptr) >= ((CHAR *) module_instance -> txm_module_instance_data_start)) && - (((CHAR *) object_ptr) < ((CHAR *) module_instance -> txm_module_instance_data_end))) - { - return TX_TRUE; - } - /* Determine if this object control block was allocated by this module instance. */ - else if (_txm_module_manager_object_pool_created) + /* Determine if the object pool has been created. */ + if (_txm_module_manager_object_pool_created) { /* Determine if the current object is from the pool of dynamically allocated objects. */ @@ -336,6 +334,158 @@ CHAR object_name_char; } +/**************************************************************************/ +/* */ +/* FUNCTION RELEASE */ +/* */ +/* _txm_module_manager_param_check_object_for_creation PORTABLE C */ +/* 6.4.3 */ +/* AUTHOR */ +/* */ +/* William E. Lamie, RTOSX */ +/* */ +/* DESCRIPTION */ +/* */ +/* This function checks to make sure the object pointer for one of the */ +/* creation APIs is valid. */ +/* */ +/* INPUT */ +/* */ +/* module_instance Requesting module instance pointer*/ +/* object_ptr Address of object memory area */ +/* ojbect_size Size of object memory area */ +/* */ +/* OUTPUT */ +/* */ +/* TX_TRUE Valid object pointer */ +/* TX_FALSE Invalid object pointer */ +/* */ +/* CALLS */ +/* */ +/* None */ +/* */ +/* CALLED BY */ +/* */ +/* txm_module_manager_* Module manager functions */ +/* */ +/* RELEASE HISTORY */ +/* */ +/* DATE NAME DESCRIPTION */ +/* */ +/* xx-xx-2025 William E. Lamie Initial Version 6.4.3 */ +/* */ +/**************************************************************************/ +UINT _txm_module_manager_param_check_object_for_creation(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size) +{ + + /* Determine if the object pointer is NULL. */ + if ((void *) object_ptr == TX_NULL) + { + + /* Object pointer is NULL, which is invalid. */ + return(TX_FALSE); + } + + /* Determine if the object pointer is inside the module object pool. */ + if (TXM_MODULE_MANAGER_ENSURE_INSIDE_OBJ_POOL(module_instance, object_ptr, object_size) == TX_FALSE) + { + + /* Object pointer is not inside the object pool, which is invalid. */ + return(TX_FALSE); + } + + /* Determine if the object size is correct. */ + if (_txm_module_manager_object_size_check(object_ptr, object_size) != TX_SUCCESS) + { + + /* Object size is invalid. */ + return(TX_FALSE); + } + + /* Determine if the ojbect has already been created. */ + if (_txm_module_manager_created_object_check(module_instance, (void *) object_ptr) == TX_FALSE) + { + + /* Object has already been created, which is invalid. */ + return(TX_FALSE); + } + + /* Everything is okay with the object, return TX_TRUE. */ + return(TX_TRUE); +} + + +/**************************************************************************/ +/* */ +/* FUNCTION RELEASE */ +/* */ +/* _txm_module_manager_param_check_object_for_use PORTABLE C */ +/* 6.4.3 */ +/* AUTHOR */ +/* */ +/* William E. Lamie, RTOSX */ +/* */ +/* DESCRIPTION */ +/* */ +/* This function checks to make sure the object pointer is valid. */ +/* */ +/* INPUT */ +/* */ +/* module_instance Requesting module instance pointer*/ +/* object_ptr Address of object memory area */ +/* ojbect_size Size of object memory area */ +/* */ +/* OUTPUT */ +/* */ +/* TX_TRUE Valid object pointer */ +/* TX_FALSE Invalid object pointer */ +/* */ +/* CALLS */ +/* */ +/* None */ +/* */ +/* CALLED BY */ +/* */ +/* txm_module_manager_* Module manager functions */ +/* */ +/* RELEASE HISTORY */ +/* */ +/* DATE NAME DESCRIPTION */ +/* */ +/* xx-xx-2025 William E. Lamie Initial Version 6.4.3 */ +/* */ +/**************************************************************************/ +UINT _txm_module_manager_param_check_object_for_use(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size) +{ + + /* Determine if the object pointer is NULL. */ + if ((void *) object_ptr == TX_NULL) + { + + /* Object pointer is NULL, which is invalid. */ + return(TX_FALSE); + } + + /* Determine if the object pointer is inside the module object pool. */ + if (TXM_MODULE_MANAGER_ENSURE_OUTSIDE_MODULE(module_instance, object_ptr, object_size) == TX_FALSE) + { + + /* Object pointer is not inside the object pool, which is invalid. */ + return(TX_FALSE); + } + + /* Define application-specific object memory check. */ +#ifdef TXM_MODULE_MANGER_APPLICATION_VALID_OBJECT_MEMORY_CHECK + + /* Bring in the application-spefic objeft memory check, defined by the user. */ + TXM_MODULE_MANGER_APPLICATION_VALID_OBJECT_MEMORY_CHECK +#endif /* TXM_MODULE_MANGER_APPLICATION_VALID_OBJECT_MEMORY_ENABLE */ + + /* Everything is okay with the object, return TX_TRUE. */ + return(TX_TRUE); +} + + /**************************************************************************/ /* */ /* FUNCTION RELEASE */ @@ -414,3 +564,5 @@ ULONG data_alignment_ignored; /* Return success. */ return(TX_SUCCESS); } + +