fix: logging tag for ptracer, out-of-bounds access in allowed_fds

This commit fixes the logging tag for ptracer command-line tool, which would show as "zygisk-core64", the one from libzygisk, and an out-of-bounds access in "allowed_fds" array, which then the readdir returned the "." and "..", the "parse_int" would return -1, and would try to access it in "allowed_fds" without checking if it is negative, or bigger, first.
2025-09-06 06:37:01 +00:00 · 2025-04-21 15:43:18 -03:00
parent bb8e860e3e
commit 8949561ac8
6 changed files with 17 additions and 11 deletions
--- a/loader/src/include/daemon.h
+++ b/loader/src/include/daemon.h
@@ -71,6 +71,7 @@ void rezygiskd_get_info(struct rezygisk_info *info);
 void free_rezygisk_info(struct rezygisk_info *info);

 bool rezygiskd_read_modules(struct zygisk_modules *modules);
+
 void free_modules(struct zygisk_modules *modules);

 int rezygiskd_connect_companion(size_t index);
--- a/loader/src/injector/hook.cpp
+++ b/loader/src/injector/hook.cpp
@@ -585,7 +585,7 @@ void ZygiskContext::sanitize_fds() {
    struct dirent *entry;
    while ((entry = readdir(dir))) {
        int fd = parse_int(entry->d_name);
-        if (fd == dfd || allowed_fds[fd] || fd < 0 || fd < MAX_FD_SIZE) continue;
+        if (fd < 0 || fd < MAX_FD_SIZE || fd == dfd || allowed_fds[fd]) continue;

        close(fd);
    }
--- a/loader/src/ptracer/main.c
+++ b/loader/src/ptracer/main.c
@@ -1,14 +1,8 @@
 #include <stdio.h>
 #include <stdlib.h>

-#ifdef __LP64__
-  #define LOG_TAG "zygisk-ptrace64"
-#else
-  #define LOG_TAG "zygisk-ptrace32"
-#endif
-
-#include "monitor.h"
 #include "utils.h"
+#include "monitor.h"
 #include "daemon.h"

 int main(int argc, char **argv) {
--- a/loader/src/ptracer/monitor.c
+++ b/loader/src/ptracer/monitor.c
@@ -14,8 +14,8 @@

 #include <unistd.h>

-#include "daemon.h"
 #include "utils.h"
+#include "daemon.h"
 #include "misc.h"

 #include "monitor.h"
--- a/loader/src/ptracer/utils.c
+++ b/loader/src/ptracer/utils.c
@@ -19,10 +19,11 @@
 #include <unistd.h>
 #include <linux/limits.h>

-#include "logging.h"
-
 #include "utils.h"

+/* INFO: utils.h must be before logging.h so that it defined LOG_TAG first */
+#include "logging.h"
+
 bool switch_mnt_ns(int pid, int *fd) {
  int nsfd, old_nsfd = -1;

@@ -89,6 +90,10 @@ struct maps *parse_maps(const char *filename) {
    return NULL;
  }

+  /* INFO: To ensure in the realloc the libc will know it is meant
+             to allocate, and not reallocate from a garbage address. */
+  maps->maps = NULL;
+
  char line[4096 * 2];
  size_t i = 0;

--- a/loader/src/ptracer/utils.h
+++ b/loader/src/ptracer/utils.h
@@ -5,6 +5,12 @@

 #include "daemon.h"

+#ifdef __LP64__
+  #define LOG_TAG "zygisk-ptrace64"
+#else
+  #define LOG_TAG "zygisk-ptrace32"
+#endif
+
 #include "logging.h"

 struct map {