cheri: malloc: exact capability check in free/reallocarm/morello/main

Capability narrowing uses a lookup table from an address to the internally used wide capability. Keep the narrow capability in the table instead of just the address and check it. This allows free and realloc to check their input and only accept capabilities exactly matching what was returned by malloc. When a user adds restrictions on top of malloc returned capabilities (e.g. narrower bounds), realloc could bypass those restrictions when it simply looked up the internal wide capability for the address.
author: Szabolcs Nagy <szabolcs.nagy@arm.com> 2023-04-04 16:39:34 +0100
committer: Szabolcs Nagy <szabolcs.nagy@arm.com> 2023-04-05 15:29:59 +0100
commit: 33cb9de5cba0e3b428a2bab4bd8368bf55806430 (patch)
tree: 63884e6c4509f00baf13066ac12efcd6cf29b85c /sysdeps/generic/libc-cap.h
parent: 47e61ba7720c1c646077318e079dcb75224b1001 (diff)
download: glibc-arm/morello/main.zip
glibc-arm/morello/main.tar.gz
glibc-arm/morello/main.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/sysdeps/generic/libc-cap.h b/sysdeps/generic/libc-cap.h
index 9d93d61..4a385d8 100644
--- a/sysdeps/generic/libc-cap.h
+++ b/sysdeps/generic/libc-cap.h
@@ -39,5 +39,6 @@ void __libc_cap_link_error (void);
 #define __libc_cap_reserve(p) __libc_cap_fail (bool)
 #define __libc_cap_unreserve(p) __libc_cap_fail (void)
 #define __libc_cap_drop(p) __libc_cap_fail (void)
+#define __libc_cap_put_back(p, q) __libc_cap_fail (void)
 
 #endif
author	Szabolcs Nagy <szabolcs.nagy@arm.com>	2023-04-04 16:39:34 +0100
committer	Szabolcs Nagy <szabolcs.nagy@arm.com>	2023-04-05 15:29:59 +0100
commit	33cb9de5cba0e3b428a2bab4bd8368bf55806430 (patch)
tree	63884e6c4509f00baf13066ac12efcd6cf29b85c /sysdeps/generic/libc-cap.h
parent	47e61ba7720c1c646077318e079dcb75224b1001 (diff)
download	glibc-arm/morello/main.zip glibc-arm/morello/main.tar.gz glibc-arm/morello/main.tar.bz2