Imagelibrary/threadx
1
0
Fork 1
mirror of https://github.com/eclipse-threadx/threadx.git synced 2025-11-16 04:24:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit from fork

Browse Source 
Fixed pointer validation flaw and improper parameter check in syscall implementation
This commit is contained in:
Frédéric Desbiens
2025-09-28 21:23:20 +01:00
committed by GitHub
parent 372e71ffc6 3d6b65a7d3
commit ea408ebe52
2 changed files with 170 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
common_modules/module_manager/inc/txm_module_manager_util.h
View File

@@ -25,7 +25,7 @@
/* COMPONENT DEFINITION RELEASE */
/* */
/* txm_module_manager_util.h PORTABLE C */
/* 6.3.0 */
/* 6.4.3 */
/* AUTHOR */
/* */
/* Scott Larson, Microsoft Corporation */
@@ -46,6 +46,10 @@
/* 10-31-2023 Tiejun Zhou Modified comment(s) and */
/* improved object check, */
/* resulting in version 6.3.0 */
/* xx-xx-2025 William E. Lamie Modified comment(s) and */
/* improved object pointer use */
/* and creation checking, */
/* resulting in version 6.4.3 */
/* */
/**************************************************************************/
@@ -102,16 +106,11 @@
/* Kernel objects should be outside the module at the very least. */
#define TXM_MODULE_MANAGER_PARAM_CHECK_OBJECT_FOR_USE(module_instance, obj_ptr, obj_size) \
(TXM_MODULE_MANAGER_ENSURE_OUTSIDE_MODULE(module_instance, obj_ptr, obj_size) || \
(_txm_module_manager_created_object_check(module_instance, (void *)obj_ptr) == TX_FALSE) || \
((void *) (obj_ptr) == TX_NULL))
(_txm_module_manager_param_check_object_for_use(module_instance, obj_ptr, obj_size))
/* When creating an object, the object must be inside the object pool. */
#define TXM_MODULE_MANAGER_PARAM_CHECK_OBJECT_FOR_CREATION(module_instance, obj_ptr, obj_size) \
((TXM_MODULE_MANAGER_ENSURE_INSIDE_OBJ_POOL(module_instance, obj_ptr, obj_size) && \
(_txm_module_manager_object_size_check(obj_ptr, obj_size) == TX_SUCCESS)) || \
(_txm_module_manager_created_object_check(module_instance, (void *)obj_ptr) == TX_FALSE) || \
((void *) (obj_ptr) == TX_NULL))
(_txm_module_manager_param_check_object_for_creation(module_instance, obj_ptr, obj_size))
/* Strings we dereference can be in RW/RO/Shared areas. */
#define TXM_MODULE_MANAGER_PARAM_CHECK_DEREFERENCE_STRING(module_instance, string_ptr) \
@@ -136,6 +135,8 @@ UINT _txm_module_manager_object_memory_check(TXM_MODULE_INSTANCE *module_inst
UINT _txm_module_manager_object_size_check(ALIGN_TYPE object_ptr, ULONG object_size);
UINT _txm_module_manager_object_name_compare(CHAR *object_name1, UINT object_name1_length, CHAR *object_name2);
UCHAR _txm_module_manager_created_object_check(TXM_MODULE_INSTANCE *module_instance, void *object_ptr);
UINT _txm_module_manager_param_check_object_for_creation(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size);
UINT _txm_module_manager_param_check_object_for_use(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size);
UINT _txm_module_manager_util_code_allocation_size_and_alignment_get(TXM_MODULE_PREAMBLE *module_preamble, ULONG *code_alignment_dest, ULONG *code_allocation_size_dest);
#endif

170
common_modules/module_manager/src/txm_module_manager_util.c
View File

@@ -104,7 +104,7 @@ UINT _txm_module_manager_object_memory_check(TXM_MODULE_INSTANCE *module_instan
/* FUNCTION RELEASE */
/* */
/* _txm_module_manager_created_object_check PORTABLE C */
/* 6.1 */
/* 6.1x */
/* AUTHOR */
/* */
/* Scott Larson, Microsoft Corporation */
@@ -137,6 +137,10 @@ UINT _txm_module_manager_object_memory_check(TXM_MODULE_INSTANCE *module_instan
/* DATE NAME DESCRIPTION */
/* */
/* 09-30-2020 Scott Larson Initial Version 6.1 */
/* xx-xx-2025 William E. Lamie Modified comment(s), and */
/* removed module local memory */
/* check, resulting in */
/* version 6.1x */
/* */
/**************************************************************************/
UCHAR _txm_module_manager_created_object_check(TXM_MODULE_INSTANCE *module_instance, VOID *object_ptr)
@@ -144,15 +148,9 @@ UCHAR _txm_module_manager_created_object_check(TXM_MODULE_INSTANCE *module_insta
TXM_MODULE_ALLOCATED_OBJECT *allocated_object_ptr;
/* Determine if the socket control block is inside the module. */
if ( (((CHAR *) object_ptr) >= ((CHAR *) module_instance -> txm_module_instance_data_start)) &&
(((CHAR *) object_ptr) < ((CHAR *) module_instance -> txm_module_instance_data_end)))
{
return TX_TRUE;
}
/* Determine if this object control block was allocated by this module instance. */
else if (_txm_module_manager_object_pool_created)
/* Determine if the object pool has been created. */
if (_txm_module_manager_object_pool_created)
{
/* Determine if the current object is from the pool of dynamically allocated objects. */
@@ -336,6 +334,158 @@ CHAR object_name_char;
}
/**************************************************************************/
/* */
/* FUNCTION RELEASE */
/* */
/* _txm_module_manager_param_check_object_for_creation PORTABLE C */
/* 6.4.3 */
/* AUTHOR */
/* */
/* William E. Lamie, RTOSX */
/* */
/* DESCRIPTION */
/* */
/* This function checks to make sure the object pointer for one of the */
/* creation APIs is valid. */
/* */
/* INPUT */
/* */
/* module_instance Requesting module instance pointer*/
/* object_ptr Address of object memory area */
/* ojbect_size Size of object memory area */
/* */
/* OUTPUT */
/* */
/* TX_TRUE Valid object pointer */
/* TX_FALSE Invalid object pointer */
/* */
/* CALLS */
/* */
/* None */
/* */
/* CALLED BY */
/* */
/* txm_module_manager_* Module manager functions */
/* */
/* RELEASE HISTORY */
/* */
/* DATE NAME DESCRIPTION */
/* */
/* xx-xx-2025 William E. Lamie Initial Version 6.4.3 */
/* */
/**************************************************************************/
UINT _txm_module_manager_param_check_object_for_creation(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size)
{
/* Determine if the object pointer is NULL. */
if ((void *) object_ptr == TX_NULL)
{
/* Object pointer is NULL, which is invalid. */
return(TX_FALSE);
}
/* Determine if the object pointer is inside the module object pool. */
if (TXM_MODULE_MANAGER_ENSURE_INSIDE_OBJ_POOL(module_instance, object_ptr, object_size) == TX_FALSE)
{
/* Object pointer is not inside the object pool, which is invalid. */
return(TX_FALSE);
}
/* Determine if the object size is correct. */
if (_txm_module_manager_object_size_check(object_ptr, object_size) != TX_SUCCESS)
{
/* Object size is invalid. */
return(TX_FALSE);
}
/* Determine if the ojbect has already been created. */
if (_txm_module_manager_created_object_check(module_instance, (void *) object_ptr) == TX_FALSE)
{
/* Object has already been created, which is invalid. */
return(TX_FALSE);
}
/* Everything is okay with the object, return TX_TRUE. */
return(TX_TRUE);
}
/**************************************************************************/
/* */
/* FUNCTION RELEASE */
/* */
/* _txm_module_manager_param_check_object_for_use PORTABLE C */
/* 6.4.3 */
/* AUTHOR */
/* */
/* William E. Lamie, RTOSX */
/* */
/* DESCRIPTION */
/* */
/* This function checks to make sure the object pointer is valid. */
/* */
/* INPUT */
/* */
/* module_instance Requesting module instance pointer*/
/* object_ptr Address of object memory area */
/* ojbect_size Size of object memory area */
/* */
/* OUTPUT */
/* */
/* TX_TRUE Valid object pointer */
/* TX_FALSE Invalid object pointer */
/* */
/* CALLS */
/* */
/* None */
/* */
/* CALLED BY */
/* */
/* txm_module_manager_* Module manager functions */
/* */
/* RELEASE HISTORY */
/* */
/* DATE NAME DESCRIPTION */
/* */
/* xx-xx-2025 William E. Lamie Initial Version 6.4.3 */
/* */
/**************************************************************************/
UINT _txm_module_manager_param_check_object_for_use(TXM_MODULE_INSTANCE *module_instance, ALIGN_TYPE object_ptr, ULONG object_size)
{
/* Determine if the object pointer is NULL. */
if ((void *) object_ptr == TX_NULL)
{
/* Object pointer is NULL, which is invalid. */
return(TX_FALSE);
}
/* Determine if the object pointer is inside the module object pool. */
if (TXM_MODULE_MANAGER_ENSURE_OUTSIDE_MODULE(module_instance, object_ptr, object_size) == TX_FALSE)
{
/* Object pointer is not inside the object pool, which is invalid. */
return(TX_FALSE);
}
/* Define application-specific object memory check. */
#ifdef TXM_MODULE_MANGER_APPLICATION_VALID_OBJECT_MEMORY_CHECK
/* Bring in the application-spefic objeft memory check, defined by the user. */
TXM_MODULE_MANGER_APPLICATION_VALID_OBJECT_MEMORY_CHECK
#endif /* TXM_MODULE_MANGER_APPLICATION_VALID_OBJECT_MEMORY_ENABLE */
/* Everything is okay with the object, return TX_TRUE. */
return(TX_TRUE);
}
/**************************************************************************/
/* */
/* FUNCTION RELEASE */
@@ -414,3 +564,5 @@ ULONG data_alignment_ignored;
/* Return success. */
return(TX_SUCCESS);
}