Untested mob_proto protection patch for memory overruns.

From: George (greerga@CIRCLEMUD.ORG)
Date: 03/02/98


This is a Linux-specific (sort of, change EXEC_PAGESIZE to PAGESIZE and
change the <asm/param.h> and it should work elsewhere...) patch which will
prevent ANY changes to the mob prototype structure (including OLC).  As
soon as your MUD attempts to overwrite it, (hopefully when it has its merry
walk over malloc data) it will crash.  Then GDB will tell you where it died
and who did it.

Anyone having crashes should try this out.  If you are using OLC, you'll
have to unprotect and reprotect the pages whenever someone saves a new
mobile. (Don't ask me how, try 'man mprotect' and PROT_READ|PROT_WRITE.
Note that you'll also have to recalculate the position of the structure
after the write.)

This isn't perfect. I've only tested it by starting the MUD, killing Puff,
and shutting it down. Hopefully it will be enough to at least lead people
in the right direction...

--- 8< --- 8< ---

diff -uprN -x Makefile -x *.o stk/comm.c memprot/comm.c
--- stk/comm.c  Wed Oct 29 17:04:08 1997
+++ memprot/comm.c      Mon Mar  2 23:23:12 1998
@@ -13,6 +13,12 @@
 #include "conf.h"
 #include "sysdep.h"

+/* --- */
+#include <sys/mman.h>
+#include <asm/param.h>
+extern int top_of_mobt;
+extern struct char_data *mob_proto;
+/* --- */

 #ifdef CIRCLE_WINDOWS          /* Includes for Win32 */
 # include <direct.h>
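Review bot: `#include <asm/param.h>` for EXEC_PAGESIZE ties the build to Linux, as the cover note admits; `sysconf(_SC_PAGESIZE)` or `getpagesize()` from <unistd.h> returns the same value portably and lets the header go. The two `extern` lines redeclare globals that live in db.c, and a mismatch between this local declaration and the real definition (the type of `top_of_mobt`, say) is invisible to the compiler across translation units, so declare them once in a shared header such as db.h instead of in comm.c, and drop the `/* --- */` markers.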
@@ -261,6 +267,14 @@ void init_game(int port)
   log("Signal trapping.");
   signal_setup();
 #endif
+
+  {
+    void *p = mob_proto;
+    p = (char *)(((int) p + EXEC_PAGESIZE - 1) & ~(EXEC_PAGESIZE - 1));
+    log("Protecting mob_proto...");
+    if (mprotect(p, sizeof(struct char_data) * (top_of_mobt + 1), PROT_READ) < 0)
+      perror("mprotect");
+  }

   log("Entering game loop.");

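Review bot: the length passed to mprotect is not adjusted for the alignment bump. `p` is rounded up to the next page boundary but the size stays `sizeof(struct char_data) * (top_of_mobt + 1)`, so the protected range runs up to EXEC_PAGESIZE - 1 bytes past the end of mob_proto and makes whatever malloc data follows read-only; a legitimate write there would then be reported as a mob_proto overrun. Subtract `(char *)p - (char *)mob_proto` from the length (and round it down to a page multiple if the following allocation must stay untouched); the first partial page of mob_proto remains unprotected either way and deserves a comment. `(int) p` also truncates the pointer on 64-bit targets, so do the arithmetic in `unsigned long` or `uintptr_t`. Note too that POSIX leaves mprotect on memory not obtained from mmap unspecified, which makes this a Linux/glibc debugging aid rather than something to ship.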

--
George Greer  -  Me@Null.net   | Genius may have its limitations, but stupidity
http://www.van.ml.org/~greerga | is not thus handicapped. -- Elbert Hubbard



This archive was generated by hypermail 2b30 : 12/15/00 PST