[PATCH] D17479: [asan] Add new recv and recvfrom interceptors.

[Maxim Ostapenko via llvm-commits]

m.ostapenko created this revision.
m.ostapenko added reviewers: kcc, eugenis, samsonov.
m.ostapenko added subscribers: llvm-commits, ygribov.
m.ostapenko set the repository for this revision to rL LLVM.

This patch adds new recv and recvfrom interceptors to ASan. This those, we would be able to catch CVE-2015-7547 with dynamic stack buffer overflow (https://groups.google.com/forum/#!topic/address-sanitizer/ttPxNhTK9TU).


Repository:
  rL LLVM

http://reviews.llvm.org/D17479

Files:
  lib/asan/asan_interceptors.cc

Index: lib/asan/asan_interceptors.cc
===================================================================
--- lib/asan/asan_interceptors.cc
+++ lib/asan/asan_interceptors.cc
@@ -214,6 +214,24 @@
   } while (false)
 #include "sanitizer_common/sanitizer_common_syscalls.inc"
 
+
+INTERCEPTOR(SSIZE_T, recv, int fd, void *buf, SIZE_T len, int flags) {
+  ENSURE_ASAN_INITED();
+  ASAN_READ_RANGE(nullptr, buf, len);
+  SSIZE_T res = REAL(recv)(fd, buf, len, flags);
+  return res;
+}
+
+INTERCEPTOR(SSIZE_T, recvfrom, int fd, void *buf, SIZE_T len, int flags,
+            void *srcaddr, int *addrlen) {
+  ENSURE_ASAN_INITED();
+  SIZE_T srcaddr_sz;
+  if (srcaddr) srcaddr_sz = *addrlen;
+  ASAN_READ_RANGE(nullptr, buf, len);
+  SSIZE_T res = REAL(recvfrom)(fd, buf, len, flags, srcaddr, addrlen);
+  return res;
+}
+
 struct ThreadStartParam {
   atomic_uintptr_t t;
   atomic_uintptr_t is_registered;
@@ -828,6 +846,10 @@
   ASAN_INTERCEPT_FUNC(fork);
 #endif
 
+  // Inrecept recv functions.
+  ASAN_INTERCEPT_FUNC(recv);
+  ASAN_INTERCEPT_FUNC(recvfrom);
+
   InitializePlatformInterceptors();
 
   VReport(1, "AddressSanitizer: libc interceptors initialized\n");


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D17479.48583.patch
Type: text/x-patch
Size: 1167 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160220/c058b4c6/attachment.bin>