NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
kern/41875: pax_aslr_elf() use wrong lsb number
>Number: 41875
>Category: kern
>Synopsis: pax_aslr_elf() use wrong lsb number
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Aug 12 10:50:00 +0000 2009
>Originator: Manuel Bouyer
>Release: NetBSD 5.0_STABLE
>Organization:
>Environment:
System: NetBSD disco 5.0_STABLE NetBSD 5.0_STABLE (DISCO) #3: Fri Aug 7
08:59:42 MEST 2009
bouyer@disco:/home/bouyer/src-5/src/sys/arch/i386/compile/obj/DISCO i386
Architecture: i386
Machine: i386
>Description:
In pax_aslr_elf() we read:
if (pax_align == 0)
pax_align = PGSHIFT;
#ifdef DEBUG_ASLR
uprintf("r=0x%x a=0x%x p=0x%x Delta=0x%lx\n", r,
ilog2(pax_align), PGSHIFT, PAX_ASLR_DELTA(r,
ilog2(pax_align), PAX_ASLR_DELTA_EXEC_LEN));
#endif
pax_offset = ELF_TRUNC(PAX_ASLR_DELTA(r,
ilog2(pax_align), PAX_ASLR_DELTA_EXEC_LEN), pax_align);
PAX_ASLR_DELTA() expects a number of bits so should get
pax_align, not ilog2(pax_align).
ELF_TRUNC() expects a size in bytes, so should get (1 << pax_align)
not pax_align.
>How-To-Repeat:
code inspection
>Fix:
change
pax_align = PGSHIFT;
to
pax_align = NBPG;
maybe ?
Home |
Main Index |
Thread Index |
Old Index