david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dump_file: check for NULL filename, support mkstemp() template

Browse Source
This commit is contained in:
Steffen Schulz 2021-08-19 05:08:00 -07:00
parent 68f74353b2
commit d81b846608
1 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
nyx/hypercall/hypercall.c
View File

@ -742,32 +742,38 @@ static void handle_hypercall_kafl_dump_file(struct kvm_run *run, CPUState *cpu,
goto err_out1; goto err_out1;
} }
if (!read_virtual_memory(file_obj.file_name_str_ptr, (uint8_t*)filename, 255, cpu)) { if (file_obj.file_name_str_ptr != 0) {
fprintf(stderr, "Failed to read file_name_str_ptr in %s. Skipping..\n", __func__); if (!read_virtual_memory(file_obj.file_name_str_ptr, (uint8_t*)filename, sizeof(filename)-1, cpu)) {
goto err_out1; fprintf(stderr, "Failed to read file_name_str_ptr in %s. Skipping..\n", __func__);
goto err_out1;
}
filename[sizeof(filename)-1] = 0;
} }
filename[255] = 0;
//fprintf(stderr, "%s: dump %lu fbytes from %s (append=%u)\n", //fprintf(stderr, "%s: dump %lu fbytes from %s (append=%u)\n",
// __func__, file_obj.bytes, filename, file_obj.append); // __func__, file_obj.bytes, filename, file_obj.append);
if (strnlen(filename, sizeof(filename))) { // use a tempfile if file_name_ptr == NULL or points to empty string
char *base_name = basename(filename); if (0 == strnlen(filename, sizeof(filename))) {
assert(asprintf(&host_path, "%s/dump/%s", GET_GLOBAL_STATE()->workdir_path , base_name) != -1); strncpy(filename, "tmp.XXXXXX", sizeof(filename)-1);
}
if(file_obj.append){ char *base_name = basename(filename); // clobbers the filename buffer!
f = fopen(host_path, "a+"); assert(asprintf(&host_path, "%s/dump/%s", GET_GLOBAL_STATE()->workdir_path , base_name) != -1);
} else{
f = fopen(host_path, "w+"); // check if base_name is mkstemp() pattern, otherwise write/append to exact name
} if (strlen(base_name) > 6 && 0 == strcmp(base_name+strlen(base_name)-6, "XXXXXX")) {
} else { // no filename given - create tempfile
if (file_obj.append) { if (file_obj.append) {
fprintf(stderr, "Error request to append but no filename given in %s\n", __func__); fprintf(stderr, "Error request to append but no filename given in %s\n", __func__);
goto err_out1; goto err_out1;
} }
assert(asprintf(&host_path, "%s/dump/tmp.XXXXXX", GET_GLOBAL_STATE()->workdir_path) != -1);
f = fdopen(mkstemp(host_path), "w+"); f = fdopen(mkstemp(host_path), "w+");
} else {
if (file_obj.append){
f = fopen(host_path, "a+");
} else{
f = fopen(host_path, "w+");
}
} }
if (!f) { if (!f) {