Changeset 96

Timestamp:

Mar 16, 2007, 10:08:08 PM (18 years ago)

Author:

rainer

Message:

Fix for ticket #54 (samhain_hide module does not work under kernel 2.6.20).

Location:

trunk

Files:

• src/CuTest.c (modified) (2 diffs)
• src/cutest_sh_tiger0.c (modified) (1 diff)
• src/kern_head.c (modified) (1 diff)
• src/samhain.c (modified) (3 diffs)
• src/samhain_hide.c (modified) (10 diffs)
• src/sh_extern.c (modified) (2 diffs)
• test/testcompile.sh (modified) (2 diffs)
• test/testrun_1b.sh (modified) (1 diff)

trunk/src/CuTest.c

@@ -62 +62 @@
         str->size = STRING_MAX;
         str->buffer = (char*) malloc(sizeof(char) * str->size);
-        str->buffer[0] = '\0';
+        if (str->buffer)
+          str->buffer[0] = '\0';
+        else
+          {
+            perror("CuStringInit");
+            _exit (EXIT_FAILURE);
+          }
 }
 
@@ -71 +77 @@
         str->size = STRING_MAX;
         str->buffer = (char*) malloc(sizeof(char) * str->size);
-        str->buffer[0] = '\0';
+        if (str->buffer)
+          str->buffer[0] = '\0';
+        else
+          {
+            perror("CuStringNew");
+            _exit (EXIT_FAILURE);
+          }
         return str;
 }

trunk/src/cutest_sh_tiger0.c

@@ -17 +17 @@
 
   skey = (sh_key_t *) malloc (sizeof(sh_key_t));
-  if (skey == NULL) 
+  if (skey != NULL) 
+    {
+      skey->mlock_failed = SL_FALSE;
+      skey->rngI         = BAD;
+      /* properly initialized later 
+       */
+      skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17;
+      skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17;
+      skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17;
+      
+      for (i = 0; i < KEY_BYT; ++i)
+        skey->poolv[i] = '\0';
+      
+      skey->poolc        = 0;
+      
+      skey->ErrFlag[0]   = ErrFlag[0];
+      ErrFlag[0]         = 0;
+      skey->ErrFlag[1]   = ErrFlag[1];
+      ErrFlag[1]         = 0;
+      
+      dez = &(TcpFlag[POS_TF-1][0]);
+      for (i = 0; i < PW_LEN; ++i)
+        { 
+          skey->pw[i] = (char) (*dez); 
+          (*dez)      = '\0';
+          ++dez; 
+        }
+      
+      skey->sh_sockpass[0]  = '\0';
+      skey->sigkey_old[0]   = '\0';
+      skey->sigkey_new[0]   = '\0';
+      skey->mailkey_old[0]  = '\0';
+      skey->mailkey_new[0]  = '\0';
+      skey->crypt[0]        = '\0';
+      skey->session[0]      = '\0';
+      skey->vernam[0]       = '\0';
+    }
+  else
     {
       perror(_("sh_init"));
       _exit (EXIT_FAILURE);
     }
-
-  skey->mlock_failed = SL_FALSE;
-  skey->rngI         = BAD;
-  /* properly initialized later 
-   */
-  skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17;
-  skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17;
-  skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17;
-
-  for (i = 0; i < KEY_BYT; ++i)
-    skey->poolv[i] = '\0';
-
-  skey->poolc        = 0;
-
-  skey->ErrFlag[0]   = ErrFlag[0];
-  ErrFlag[0]         = 0;
-  skey->ErrFlag[1]   = ErrFlag[1];
-  ErrFlag[1]         = 0;
-
-  dez = &(TcpFlag[POS_TF-1][0]);
-  for (i = 0; i < PW_LEN; ++i)
-    { 
-       skey->pw[i] = (char) (*dez); 
-      (*dez)      = '\0';
-      ++dez; 
-    }
-
-  skey->sh_sockpass[0]  = '\0';
-  skey->sigkey_old[0]   = '\0';
-  skey->sigkey_new[0]   = '\0';
-  skey->mailkey_old[0]  = '\0';
-  skey->mailkey_new[0]  = '\0';
-  skey->crypt[0]        = '\0';
-  skey->session[0]      = '\0';
-  skey->vernam[0]       = '\0';
 
 }

trunk/src/kern_head.c

@@ -753 +753 @@
       fprintf(stderr, "\n");
       fprintf(stderr, "NOTE:  kern_head: must run as 'root' ");
-      fprintf(stderr, "(need to read from /dev/kmem)\n");
+      fprintf(stderr, "(need to read from kernel)\n");
       fprintf(stderr, "       If you get this message, then proceed ");
       fprintf(stderr, "as follows:\n");

trunk/src/samhain.c

@@ -545 +545 @@
    */
   skey = (sh_key_t *) malloc (sizeof(sh_key_t));
-  if (skey == NULL) 
+  if (skey != NULL)
+    {
+
+      skey->mlock_failed = SL_FALSE;
+      skey->rngI         = BAD;
+      /* properly initialized later 
+       */
+      skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17;
+      skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17;
+      skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17;
+      
+      for (i = 0; i < KEY_BYT; ++i)
+        skey->poolv[i] = '\0';
+      
+      skey->poolc        = 0;
+      
+      skey->ErrFlag[0]   = ErrFlag[0];
+      ErrFlag[0]         = 0;
+      skey->ErrFlag[1]   = ErrFlag[1];
+      ErrFlag[1]         = 0;
+      
+      dez = &(TcpFlag[POS_TF-1][0]);
+      for (i = 0; i < PW_LEN; ++i)
+        { 
+          skey->pw[i] = (char) (*dez); 
+          (*dez)      = '\0';
+          ++dez; 
+        }
+      
+      skey->sh_sockpass[0]  = '\0';
+      skey->sigkey_old[0]   = '\0';
+      skey->sigkey_new[0]   = '\0';
+      skey->mailkey_old[0]  = '\0';
+      skey->mailkey_new[0]  = '\0';
+      skey->crypt[0]        = '\0'; /* flawfinder: ignore *//* ff bug */
+      skey->session[0]      = '\0';
+      skey->vernam[0]       = '\0';
+    }
+  else
     {
       perror(_("sh_init"));
       _exit (EXIT_FAILURE);
     }
-
-  skey->mlock_failed = SL_FALSE;
-  skey->rngI         = BAD;
-  /* properly initialized later 
-   */
-  skey->rng0[0] = 0x03; skey->rng0[1] = 0x09; skey->rng0[2] = 0x17;
-  skey->rng1[0] = 0x03; skey->rng1[1] = 0x09; skey->rng1[2] = 0x17;
-  skey->rng2[0] = 0x03; skey->rng2[1] = 0x09; skey->rng2[2] = 0x17;
-
-  for (i = 0; i < KEY_BYT; ++i)
-    skey->poolv[i] = '\0';
-
-  skey->poolc        = 0;
-
-  skey->ErrFlag[0]   = ErrFlag[0];
-  ErrFlag[0]         = 0;
-  skey->ErrFlag[1]   = ErrFlag[1];
-  ErrFlag[1]         = 0;
-
-  dez = &(TcpFlag[POS_TF-1][0]);
-  for (i = 0; i < PW_LEN; ++i)
-    { 
-       skey->pw[i] = (char) (*dez); 
-      (*dez)      = '\0';
-      ++dez; 
-    }
-
-  skey->sh_sockpass[0]  = '\0';
-  skey->sigkey_old[0]   = '\0';
-  skey->sigkey_new[0]   = '\0';
-  skey->mailkey_old[0]  = '\0';
-  skey->mailkey_new[0]  = '\0';
-  skey->crypt[0]        = '\0'; /* flawfinder: ignore *//* ff bug */
-  skey->session[0]      = '\0';
-  skey->vernam[0]       = '\0';
-
 
   sh_unix_memlock();
@@ -923 +925 @@
           else if (pid == respid)
             {
+#ifndef USE_UNO
               if (0 != WIFEXITED(status))
                 {
@@ -930 +933 @@
               else
                 exit (1);
+#else
+              exit (1);
+#endif
             }
           ++times;

trunk/src/samhain_hide.c

@@ -51 +51 @@
  *    insmod samhain_hide (for improved safety: 'sync && insmod samhain_hide')
  *
- *   To unload the module 
+ *   Self-hiding can be switched off by passing the option
+ *   'removeme=0' to the module: 
+ *    insmod ./samhain_hide.ko removeme=0
+ *
+ *   To unload the module (only possible if not hidden):
  *    rmmod samhain_hide  (for improved safety: 'sync && rmmod samhain_hide')
  * 
@@ -109 +113 @@
 /* #define PROC_DEBUG  */   /* procfs       */
 
-
 /*****************************************************
  *
@@ -201 +204 @@
 int (*old_getdents)(unsigned int, struct dirent *, unsigned int);
 #ifdef __NR_getdents64
+#if SH_KERNEL_NUMERIC >= 132628
+/*
+ * 'asmlinkage' is __required__ to get this to work.
+ */
+asmlinkage long (*old_getdents64)(unsigned int, struct linux_dirent64 __user *, unsigned int);
+#else
 long (*old_getdents64)(unsigned int, struct dirent64 *, unsigned int);
+#endif
 #endif
 
@@ -416 +426 @@
 
 #ifdef FILE_DEBUG
-  printk("COPY to kernel\n");
+  printk("COPY to kernel: %ld\n", dummy);
 #endif
 
@@ -513 +523 @@
   dummy = (unsigned long) copy_to_user(dirp, dirp_new, status);
 #ifdef FILE_DEBUG
-  printk("COPY to user\n");
+  printk("COPY to user: %ld\n", dummy);
 #endif
 
@@ -525 +535 @@
 }
 
-
 /* For 2.4 kernel
  */
 #ifdef __NR_getdents64
-long new_getdents64 (unsigned int fd, struct dirent64 *dirp, 
-                     unsigned int count)
+
+#if SH_KERNEL_NUMERIC >= 132628
+/*
+ * 'asmlinkage' is __required__ to get this to work.
+ */
+asmlinkage long new_getdents64 (unsigned int fd, struct linux_dirent64 __user *dirp, 
+                                unsigned int count)
+#else
+long new_getdents64 (unsigned int fd, struct dirent64 *dirp, unsigned int count)
+#endif
 {
   long                 status = 0;    /* Return value from original getdents */
@@ -549 +566 @@
   unsigned long        dummy;
 
+#ifdef FILE_DEBUG
+  printk("FD64 %d\n", fd);
+#endif
+
   lock_kernel();
 
+#ifdef FILE_DEBUG
+  if (!access_ok(VERIFY_WRITE, dirp, count))
+    printk("ACCESS64_BAD\n");
+  else
+    printk("ACCESS64_OK\n");
+#endif
+
+#if SH_KERNEL_NUMERIC >= 132628
   status = (*old_getdents64)(fd, dirp, count);
+  // status = my_real_getdents64(fd, dirp, count);
+#else
+  status = (*old_getdents64)(fd, dirp, count);
+#endif
 
 #ifdef FILE_DEBUG
@@ -580 +613 @@
 
 #if defined(__LINUX_DCACHE_H)
+
+/* 2.6.20 (((2) << 16) + ((6) << 8) + (20)) */
+#if SH_KERNEL_NUMERIC >= 132628
+  dir_inode  = fd_file->f_path.dentry->d_inode;
+#else
   dir_inode  = fd_file->f_dentry->d_inode;
+#endif
+
 #else
   dir_inode  = fd_file->f_inode;
@@ -630 +670 @@
 
 #ifdef FILE_DEBUG
-  printk("COPY64 to kernel\n");
+  printk("COPY64 to kernel: %ld\n", dummy);
 #endif
 
@@ -731 +771 @@
   /* Copy our modified dirp table back to user space.
    */
+#ifdef FILE_DEBUG
+  printk("STATUS64 AT END %ld\n", status);
+#endif
   dummy = (unsigned long) copy_to_user(dirp, dirp_new, status);
+#ifdef FILE_DEBUG
+  printk("COPY64 to user: %ld\n", dummy);
+#endif
+
   kfree (dirp_new);
   unlock_kernel();

trunk/src/sh_extern.c

@@ -541 +541 @@
       if (task->pid == retval)
         {
+#ifndef USE_UNO
           if (WIFEXITED(task->exit_status) != 0)
             {
@@ -572 +573 @@
               task->exit_status = EXIT_FAILURE;
             }
+#else
+          task->exit_status = EXIT_FAILURE;
+#endif 
         }
       else if (0 == retval)

trunk/test/testcompile.sh

@@ -53 +53 @@
                 cat $i | ./unreached_code.pl;
                 cat $i | ./ampersand_missing.sh;
-                cat $i | ./uninitialized.pl;
                 cat $i | ./eqeq.pl;
-                cat $i | ./for_bounds.pl;
+                cat $i | ./for_bounds.pl;    # doesn't work?
                 cat $i | ./unchecked_returns.pl;
-                cat $i | ./unreached_code.pl;
-                cat $i | ./uninitialized.pl;
+                cat $i | ./uninitialized.pl; # doesn't work?
+
                 # from http://people.redhat.com/mstefani/wine/smatch/
                 if [ -f ./while_for_check.pl ]; then
-                    cat $i | ./while_for_check.pl;
+                    cat $i | ./while_for_check.pl; # works
                 fi 
                 # --> end wine <--
-                # samhain specific
+
+                # samhain specific modifications (list of free/malloc funcs)
+                # doesn't seem to find anything useful
                 if [ $memcheck = xsimple ]; then
                     if [ -f ./samhain_unfree.pl ]; then
@@ -80 +81 @@
                 fi
                 # --> end samhain specific <--
-                #cat $i | ./unfree.pl | \
-                #    egrep -v 'x_cutest_.*Test_' | \
-                #    grep -v 'x_sh_unix.c .... .... sh_unix_copyenv';
-                touch list_null_funcs_uniq;
+
+                echo malloc >  list_null_funcs_uniq;
+                echo getenv >> list_null_funcs_uniq;
                 cat $i | ./deference_check.pl;
                 rm -f list_null_funcs_uniq;

trunk/test/testrun_1b.sh

@@ -246 +246 @@
             # -------------  third test -------------
             #
+            if test "x$hostname" = "xtenebra"
+            then
+                if test -f /usr/local/lib/libprelude.so
+                then
+                    LD_LIBRARY_PATH="/usr/local/lib:$LD_LIBRARY_PATH"
+                    export LD_LIBRARY_PATH
+                fi
+            fi
+            #
             PM=`find_path prelude-manager`
             if [ -z "$PM" ]; then