Reject BPF programs with jump targets outside of range of instructions. #432

Merged
merged 1 commit into from Apr 22, 2024

Collaborator

@Alan-Jowett Alan-Jowett commented Apr 22, 2024

This pull request includes a crucial change to the validate function in the vm/ubpf_vm.c file. The condition checking the call_target variable has been updated to prevent out-of-bounds access. Previously, the condition allowed for call_target to be equal to num_insts, which could potentially lead to accessing an element beyond the array's limit. Now, the condition has been corrected to call_target >= num_insts, ensuring that call_target stays within the valid range of array indices.

Resolves: #431

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
@Alan-Jowett Alan-Jowett changed the title Validate jump target before updating vm->int_funcs Reject BPF programs with jump targets outside of range of instructions. Apr 22, 2024
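
The off-by-one described in the pull request above, as an added example that is not code from this PR or from uBPF: a simplified call-target validator that runs a bound admitting `call_target == num_insts` (written here as `>`) beside the corrected `>=` bound. The `struct insn` layout, the function names, the `target = i + imm + 1` computation, the guard slot and the sample program are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified instruction record (hypothetical, not uBPF's own struct). */
struct insn { uint8_t opcode; uint8_t src; int32_t imm; };
enum { OP_CALL = 0x85, OP_EXIT = 0x95 };      /* eBPF CALL and EXIT opcodes */
enum check_mode { CHECK_LAX, CHECK_STRICT };  /* `>` bound vs `>=` bound */

/* Checks local calls (src == 1; target assumed to be i + imm + 1) and marks
 * accepted targets in is_func, which must hold num_insts + 1 entries: the guard
 * slot keeps the lax path memory-safe here. Returns first rejected index or -1. */
int validate_calls(const struct insn *prog, size_t num_insts,
                   bool *is_func, enum check_mode mode)
{
    for (size_t i = 0; i < num_insts; i++) {
        if (prog[i].opcode != OP_CALL || prog[i].src != 1)
            continue;
        int64_t target = (int64_t)i + prog[i].imm + 1;  /* 64-bit: cannot wrap */
        bool past_end = (mode == CHECK_STRICT) ? target >= (int64_t)num_insts
                                               : target > (int64_t)num_insts;
        if (target < 0 || past_end)
            return (int)i;
        is_func[target] = true;  /* recorded only after the range check */
    }
    return -1;
}

static const struct insn sample[3] = {  /* constructed sample, num_insts == 3 */
    { OP_CALL, 1, 1 },  /* target 2: in range */
    { OP_CALL, 1, 1 },  /* target 3 == num_insts: one past the end */
    { OP_EXIT, 0, 0 },
};

/* Returns 1 if the guard slot at index num_insts was written. */
int guard_slot_written(enum check_mode mode, int *rejected_at)
{
    bool is_func[4] = { false };
    *rejected_at = validate_calls(sample, 3, is_func, mode);
    return is_func[3] ? 1 : 0;
}

int main(void)
{
    int at, hit = guard_slot_written(CHECK_LAX, &at);
    printf("lax:    rejected_at=%d guard_written=%d\n", at, hit);
    hit = guard_slot_written(CHECK_STRICT, &at);
    printf("strict: rejected_at=%d guard_written=%d\n", at, hit);
    return 0;
}
```

With a per-instruction array of exactly `num_insts` entries, the write that lands in the guard slot here would fall one element past the end of the allocation.
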
Collaborator

@hawkinsw hawkinsw left a comment

I think that this is 100% a-okay. It might make sense for a future PR to add an additional check after JIT (if that happens). That additional check after JIT would ensure that the calls in any generated code are valid as well. A boot-and-suspenders type of check?

@Alan-Jowett Alan-Jowett merged commit 3cf7f11 into iovisor:main Apr 22, 2024
33 checks passed
Alan-Jowett added a commit that referenced this pull request Apr 22, 2024
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Alan-Jowett pushed a commit to Alan-Jowett/ebpf-for-windows that referenced this pull request Apr 22, 2024
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
github-merge-queue bot pushed a commit to microsoft/ebpf-for-windows that referenced this pull request Apr 22, 2024
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
@coveralls
Coverage Status

coverage: 82.452%. remained the same
when pulling 9bf2f8e on Alan-Jowett:issue431
into dfd2e9c on iovisor:main.

Successfully merging this pull request may close these issues.

ubpf_load fails to validate immediate offset when computing jump targets