Closed 1ndahous3 closed 11 months ago
Oops! Thanks for the PR - I am currently traveling so will take a look at this in December; I hope it's ok!
Cheers
On Sat, Nov 4, 2023 at 3:46 AM Roman wrote:
Due to refactoring in #155 https://github.com/0vercl0k/wtf/pull/155 the argument size bug was introduced.
Initially the code was like this:
But after refactoring it became like this:
So 8 bytes are read for the InputBufferSize argument, and we got an invalid value - only one uint32_t(InputBufferSize) cast is made, but then the same cast is not made during the addition operation.
This patch replaces one argument getter function with two: GetArg4() for 4-byte values and GetArg8() for 8-byte values. Also, many additional casts to uint32_t have been removed, which are no longer needed.
Looking into this..
@1ndahous3 what do you think of the new changes?
Cheers
@0vercl0k looks good, I think it makes no difference for GetArg4() to read 4 bytes or read 8 bytes with garbage and trim it through a uint32_t cast.
In my opinion, it would be nice to rename GetArg() to GetArg8() to show the size not only by the type of the return value. This will not give a chance to make a bug when writing code without noticing the GetArg4() pair function.
I do agree, but it also means it breaks everybody that is using GetArg, which is not desirable. What I can do is to introduce a GetArg8 version though to be consistent - wdyt?
Cheers
What I can do is to introduce a GetArg8 version though to be consistent - wdyt?
Sounds like a good compromise.
All right - take this for a spin and let me know 🫡
Cheers
AFAIR the BugCheckCode from KeBugCheck2() is of ULONG type, so we need to get the uint32_t value.
Ha yeah I forgot to update it - will do that tonight!
Cheers
On Tue, Nov 28, 2023 at 7:03 AM Roman wrote:
AFAIR the BugCheckCode from KeBugCheck2() is of ULONG type, so we need to get the uint32_t value.
Done!
I can only suggest adding a [[deprecated]] attribute to the GetArg() function.
The code is ok.
Neat, TIL [[deprecated]]!
I don't have any additional suggestions or notes, everything looks great!
All right, will merge this today - thank you!
Cheers
On Fri, Dec 1, 2023 at 11:01 PM Roman wrote:
I don't have any additional suggestions or notes, everything looks great!
Due to refactoring in #155 the argument size bug was introduced.
Initially the code was like this:
But after refactoring it became like this: https://github.com/0vercl0k/wtf/blob/9823579ef764b0b3c0af2f71b61d5aa47fb3de51/src/wtf/fuzzer_ioctl.cc#L77-L89
So 8 bytes are read for the InputBufferSize argument, and we got an invalid value - only one uint32_t(InputBufferSize) cast is made, but then the same cast is not made during the addition operation.
This patch replaces one argument getter function with two: GetArg4() for 4-byte values and GetArg8() for 8-byte values. Also, many additional casts to uint32_t have been removed, which are no longer needed.
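The width bug the PR describes, reproduced in a small added C++ model (this is not wtf's code; GuestStack, MakeSample, EndBuggy and EndFixed are constructed for the illustration). It models a guest stack where a DWORD argument such as InputBufferSize or a ULONG BugCheckCode was written with a 4-byte store into an 8-byte slot whose upper half still holds a stale value, and shows why reading 8 bytes and casting only at one use site still leaks the garbage into the address arithmetic, while a 4-byte getter does not:

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Toy model of the guest's argument area (assumed little-endian, like x64):
// each slot is 8 bytes wide, but a 32-bit argument is stored with a 4-byte
// store, so the upper 4 bytes of that slot keep whatever was there before.
struct GuestStack {
  std::array<uint8_t, 64> Bytes{};

  // Read a full 8-byte slot (pointer-sized argument).
  uint64_t GetArg8(size_t Slot) const {
    uint64_t V = 0;
    std::memcpy(&V, Bytes.data() + Slot * 8, sizeof(V));
    return V;
  }

  // Read only the low 4 bytes of a slot (ULONG / uint32_t argument).
  uint32_t GetArg4(size_t Slot) const {
    uint32_t V = 0;
    std::memcpy(&V, Bytes.data() + Slot * 8, sizeof(V));
    return V;
  }
};

// Constructed sample input: slot 0 holds InputBuffer (a 64-bit pointer),
// slot 1 first receives a stale 8-byte value from an earlier call and is then
// overwritten by a 4-byte store of InputBufferSize = 0x40.
GuestStack MakeSample() {
  GuestStack S;
  const uint64_t InputBuffer = 0x00007fff00001000ULL;
  std::memcpy(S.Bytes.data() + 0 * 8, &InputBuffer, sizeof(InputBuffer));
  const uint64_t Stale = 0xdeadbeefcafebabeULL;
  std::memcpy(S.Bytes.data() + 1 * 8, &Stale, sizeof(Stale));
  const uint32_t InputBufferSize = 0x40;
  std::memcpy(S.Bytes.data() + 1 * 8, &InputBufferSize,
              sizeof(InputBufferSize)); // DWORD store, upper half untouched
  return S;
}

struct Range {
  uint64_t Start;
  uint64_t End;
};

// Pre-fix pattern: 8 bytes are read for a 4-byte argument; the value is cast
// to uint32_t where it is used on its own, but the uncast 64-bit copy is what
// ends up in the end-of-buffer computation.
Range EndBuggy(const GuestStack &S) {
  const uint64_t InputBuffer = S.GetArg8(0);
  const uint64_t InputBufferSize = S.GetArg8(1); // picks up the stale high half
  const uint32_t Size = uint32_t(InputBufferSize); // cast made here ...
  (void)Size;
  return {InputBuffer, InputBuffer + InputBufferSize}; // ... but not here
}

// Post-fix pattern: the getter itself is 4 bytes wide, so no call site can
// forget a cast and the garbage never enters the computation.
Range EndFixed(const GuestStack &S) {
  const uint64_t InputBuffer = S.GetArg8(0);
  const uint32_t InputBufferSize = S.GetArg4(1);
  return {InputBuffer, InputBuffer + InputBufferSize};
}
```

With the sample above, GetArg8(1) returns 0xdeadbeef00000040 while GetArg4(1) returns 0x40; the buggy range end is about 0xdeadbeef00000000 bytes past the real buffer, which is why a size-typed getter is safer than relying on every caller to remember the cast.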