src: fix OOB reads in process.title getter #31633
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: nodejs#31631
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse.
nodejs-github-bot
added
c++
jasnell
reviewed
Feb 4, 2020
| std::string buf(16, '\0'); | ||
|
|
||
| for (;;) { | ||
| const int rc = uv_get_process_title(&buf[0], buf.size()); |
There was a problem hiding this comment.
Not blocking for this PR, but... in the future, might it be possible to introduce a variant of uv_get_process_title that can optionally report the size of the buffer required? something along the lines of...
size_t actual = buf.size();
const int rc = uv_get_process_title2(&buf[0], &actual);
if (rc == UV_ENOBUFS) {
buf.resize(actual);
// then try again
}
// ....Definitely minor but a bit nicer to avoid the multiple resize operations
jasnell
approved these changes
Feb 4, 2020
addaleax
approved these changes
Feb 4, 2020
cjihrig
approved these changes
Feb 4, 2020
addaleax
reviewed
Feb 4, 2020
devsnek
approved these changes
Feb 4, 2020
jasnell
reviewed
Feb 4, 2020
| // is necessary otherwise *its* process.title is whatever the last | ||
| // SetConsoleTitle() call in our process tree set it to. | ||
| if (common.isWindows) | ||
| process.title = process.execPath; |
There was a problem hiding this comment.
Using // Flags: --title=test to explicitly set the title with a flag would work here also, right? Might be better than having a special case here for Windows
There was a problem hiding this comment.
See libuv/libuv#2667 - I believe this is a Windows-only libuv bug. Until it's fixed, it's best to call it out explicitly.
devnexen
approved these changes
Feb 5, 2020
addaleax
added
the
author ready
|
CI: https://ci.nodejs.org/job/node-test-pull-request/28985/ (:heavy_check_mark:) |
Trott
approved these changes
Feb 7, 2020
addaleax
pushed a commit
that referenced
this pull request
Feb 7, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
addaleax
pushed a commit
that referenced
this pull request
Feb 7, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Feb 17, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Feb 17, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Merged
codebytere
pushed a commit
that referenced
this pull request
Mar 15, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Mar 15, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Mar 17, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Mar 17, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Merged
codebytere
pushed a commit
that referenced
this pull request
Mar 30, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Mar 30, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
added a commit
to electron/electron
that referenced
this pull request
Nov 21, 2022
codebytere
added a commit
to electron/electron
that referenced
this pull request
Nov 21, 2022
jkleinsc
added a commit
to electron/electron
that referenced
this pull request
Nov 21, 2022
* chore: bump node in DEPS to v18.12.1 * chore: update patches * chore: add missing <algorithm> include * src: add detailed embedder process initialization AP nodejs/node#44121 * chore: update gn build files * dns: support dns module in the snapshot nodejs/node#44633 #36118 * src: fix OOB reads in process.title getter nodejs/node#31633 * chore: fix incorrectly removed patch bit Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
khalwa
pushed a commit
to solarwindscloud/electron
that referenced
this pull request
Feb 22, 2023
* chore: bump node in DEPS to v18.12.1 * chore: update patches * chore: add missing <algorithm> include * src: add detailed embedder process initialization AP nodejs/node#44121 * chore: update gn build files * dns: support dns module in the snapshot nodejs/node#44633 electron#36118 * src: fix OOB reads in process.title getter nodejs/node#31633 * chore: fix incorrectly removed patch bit Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The getter passed a stack-allocated, fixed-size buffer to
uv_get_process_title() but neglected to check the return value.
When the total length of the command line arguments exceeds the size of
the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of
the buffer. The getter then proceeded to return whatever garbage was on
the stack at the time of the call, quite possibly reading beyond the
end of the buffer.
Add a GetProcessTitle() helper that reads the process title into a
dynamically allocated buffer that is resized when necessary.
Fixes: #31631