[src/trunk]: src/sys Improve kernel module validation. First, set a limit on...

[pgoyette <pgoyette%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/acf04cc95c5e
branches:  trunk
changeset: 998128:acf04cc95c5e
user:      pgoyette <pgoyette%NetBSD.org@localhost>
date:      Mon Apr 08 11:32:49 2019 +0000

description:
Improve kernel module validation.  First, set a limit on how much of the
module name field to check when validation name's length.  Second, check
the module's mi_class to ensure it is valid.

Update the commenet in sys/module.h to indicate that the module classes
are now being validated.

diffstat:

 sys/kern/kern_module.c |  13 ++++++++++---
 sys/sys/module.h       |   4 ++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diffs (57 lines):

diff -r d6b739fad4cd -r acf04cc95c5e sys/kern/kern_module.c
--- a/sys/kern/kern_module.c    Mon Apr 08 11:02:58 2019 +0000
+++ b/sys/kern/kern_module.c    Mon Apr 08 11:32:49 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_module.c,v 1.133 2019/01/27 02:08:43 pgoyette Exp $       */
+/*     $NetBSD: kern_module.c,v 1.134 2019/04/08 11:32:49 pgoyette Exp $       */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.133 2019/01/27 02:08:43 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_module.c,v 1.134 2019/04/08 11:32:49 pgoyette Exp $");
 
 #define _MODULE_INTERNAL
 
@@ -1090,12 +1090,19 @@
         * Check compatibility.
         */
        mi = mod->mod_info;
-       if (strlen(mi->mi_name) >= MAXMODNAME) {
+       if (strnlen(mi->mi_name, MAXMODNAME) >= MAXMODNAME) {
                error = EINVAL;
                module_error("module name `%s' longer than %d", mi->mi_name,
                    MAXMODNAME);
                goto fail;
        }
+       if (mi->mi_class <= MODULE_CLASS_ANY ||
+           mi->mi_class >= MODULE_CLASS_MAX) {
+               error = EINVAL;
+               module_error("module `%s' has invalid class %d",
+                   mi->mi_name, mi->mi_class);
+                   goto fail;
+       }
        if (!module_compatible(mi->mi_version, __NetBSD_Version__)) {
                module_error("module `%s' built for `%d', system `%d'",
                    mi->mi_name, mi->mi_version, __NetBSD_Version__);
diff -r d6b739fad4cd -r acf04cc95c5e sys/sys/module.h
--- a/sys/sys/module.h  Mon Apr 08 11:02:58 2019 +0000
+++ b/sys/sys/module.h  Mon Apr 08 11:32:49 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: module.h,v 1.45 2019/04/08 11:02:58 pgoyette Exp $     */
+/*     $NetBSD: module.h,v 1.46 2019/04/08 11:32:49 pgoyette Exp $     */
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
 #define        MAXMODNAME      32
 #define        MAXMODDEPS      10
 
-/* Module classes, provided only for system boot and cosmetic purposes. */
+/* Module classes, provided only for system boot and module validation. */
 typedef enum modclass {
        MODULE_CLASS_ANY,
        MODULE_CLASS_MISC,