Enhance wasm loader and interpreter, enhance code security and update document (#149)

2019-12-13 15:30:30 +08:00
parent 1c81ad6da5
commit 631b7a2403
45 changed files with 678 additions and 646 deletions
--- a/core/iwasm/lib/native/libc/wasi_wrapper.c
+++ b/core/iwasm/lib/native/libc/wasi_wrapper.c
@ -712,8 +712,8 @@ wasi_path_link(wasm_module_inst_t module_inst,
    old_path = (char*)addr_app_to_native(old_path_offset);
    new_path = (char*)addr_app_to_native(new_path_offset);

-    return wasmtime_ssp_path_link(wasi_ctx->curfds, old_fd,
-                                  old_flags, old_path, old_path_len,
+    return wasmtime_ssp_path_link(wasi_ctx->curfds, wasi_ctx->prestats,
+                                  old_fd, old_flags, old_path, old_path_len,
                                  new_fd, new_path, new_path_len);
 }

@ -961,8 +961,8 @@ wasi_path_symlink(wasm_module_inst_t module_inst,
    old_path = (char*)addr_app_to_native(old_path_offset);
    new_path = (char*)addr_app_to_native(new_path_offset);

-    return wasmtime_ssp_path_symlink(wasi_ctx->curfds, old_path,
-                                     old_path_len, fd, new_path,
+    return wasmtime_ssp_path_symlink(wasi_ctx->curfds, wasi_ctx->prestats,
+                                     old_path, old_path_len, fd, new_path,
                                     new_path_len);
 }

--- a/core/iwasm/lib/native/libc/wasmtime-wasi-c/sandboxed-system-primitives/include/wasmtime_ssp.h
+++ b/core/iwasm/lib/native/libc/wasmtime-wasi-c/sandboxed-system-primitives/include/wasmtime_ssp.h
@ -661,6 +661,7 @@ __wasi_errno_t wasmtime_ssp_path_create_directory(
 __wasi_errno_t wasmtime_ssp_path_link(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
    struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
    __wasi_fd_t old_fd,
    __wasi_lookupflags_t old_flags,
@ -774,6 +775,7 @@ __wasi_errno_t wasmtime_ssp_path_filestat_set_times(
 __wasi_errno_t wasmtime_ssp_path_symlink(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
    struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
    const char *old_path,
    size_t old_path_len,
--- a/core/iwasm/lib/native/libc/wasmtime-wasi-c/sandboxed-system-primitives/src/posix.c
+++ b/core/iwasm/lib/native/libc/wasmtime-wasi-c/sandboxed-system-primitives/src/posix.c
@ -1689,9 +1689,37 @@ __wasi_errno_t wasmtime_ssp_path_create_directory(
  return 0;
 }

+static bool
+validate_path(const char *path, struct fd_prestats *pt)
+{
+    size_t i;
+    char path_resolved[PATH_MAX], prestat_dir_resolved[PATH_MAX];
+    char *path_real, *prestat_dir_real;
+
+    if (!(path_real = realpath(path, path_resolved)))
+        /* path doesn't exist, creating a link to this file
+           is allowed: if this file is to be created in
+           the future, WASI will strictly check whether it
+           can be created or not. */
+        return true;
+
+    for (i = 0; i < pt->size; i++) {
+        if (pt->prestats[i].dir) {
+            if (!(prestat_dir_real = realpath(pt->prestats[i].dir,
+                                              prestat_dir_resolved)))
+                return false;
+            if (!strncmp(path_real, prestat_dir_real, strlen(prestat_dir_real)))
+                return true;
+        }
+    }
+
+    return false;
+}
+
 __wasi_errno_t wasmtime_ssp_path_link(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
    struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
    __wasi_fd_t old_fd,
    __wasi_lookupflags_t old_flags,
@ -1715,6 +1743,14 @@ __wasi_errno_t wasmtime_ssp_path_link(
    return error;
  }

+  rwlock_rdlock(&prestats->lock);
+  if (!validate_path(old_pa.path, prestats)
+      || !validate_path(new_pa.path, prestats)) {
+      rwlock_unlock(&prestats->lock);
+      return __WASI_EBADF;
+  }
+  rwlock_unlock(&prestats->lock);
+
  int ret = linkat(old_pa.fd, old_pa.path, new_pa.fd, new_pa.path,
                   old_pa.follow ? AT_SYMLINK_FOLLOW : 0);
  if (ret < 0 && errno == ENOTSUP && !old_pa.follow) {
@ -1723,6 +1759,14 @@ __wasi_errno_t wasmtime_ssp_path_link(
    size_t target_len;
    char *target = readlinkat_dup(old_pa.fd, old_pa.path, &target_len);
    if (target != NULL) {
+      bh_assert(target[target_len] == '\0');
+      rwlock_rdlock(&prestats->lock);
+      if (!validate_path(target, prestats)) {
+          rwlock_unlock(&prestats->lock);
+          bh_free(target);
+          return __WASI_EBADF;
+      }
+      rwlock_unlock(&prestats->lock);
      ret = symlinkat(target, new_pa.fd, new_pa.path);
      bh_free(target);
    }
@ -2245,6 +2289,7 @@ __wasi_errno_t wasmtime_ssp_path_filestat_set_times(
 __wasi_errno_t wasmtime_ssp_path_symlink(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
    struct fd_table *curfds,
+    struct fd_prestats *prestats,
 #endif
    const char *old_path,
    size_t old_path_len,
@ -2264,6 +2309,14 @@ __wasi_errno_t wasmtime_ssp_path_symlink(
    return error;
  }

+  rwlock_rdlock(&prestats->lock);
+  if (!validate_path(target, prestats)) {
+      rwlock_unlock(&prestats->lock);
+      bh_free(target);
+      return __WASI_EBADF;
+  }
+  rwlock_unlock(&prestats->lock);
+
  int ret = symlinkat(target, pa.fd, pa.path);
  path_put(&pa);
  bh_free(target);