Avoid using fgets in a compromised context in Linux Breakpad.

breakpad/linux/minidump_writer.cc

 // Copyright (c) 2009, Google Inc.
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
@@ skipping 42 matching lines @@
 #include <sys/ucontext.h>
 #include <sys/user.h>
 #include <sys/utsname.h>
 
 #include "client/minidump_file_writer.h"
 #include "google_breakpad/common/minidump_format.h"
 #include "google_breakpad/common/minidump_cpu_amd64.h"
 #include "google_breakpad/common/minidump_cpu_x86.h"
 
 #include "breakpad/linux/exception_handler.h"
+#include "breakpad/linux/line_reader.h"
 #include "breakpad/linux/linux_dumper.h"
 #include "breakpad/linux/linux_libc_support.h"
 #include "breakpad/linux/linux_syscall_support.h"
 #include "breakpad/linux/minidump_format_linux.h"
 
 // Minidump defines register structures which are different from the raw
 // structures which we get from the kernel. These are platform specific
 // functions to juggle the ucontext and user structures into minidump format.
 #if defined(__i386)
 typedef MDRawContextX86 RawContextCPU;
@@ skipping 571 matching lines @@
     // processor_architecture should always be set, do this first
     sys_info->processor_architecture =
 #if defined(__i386)
         MD_CPU_ARCHITECTURE_X86;
 #elif defined(__x86_64)
         MD_CPU_ARCHITECTURE_AMD64;
 #else
 #error "Unknown CPU arch"
 #endif
 
-    static const char proc_cpu_path[] = "/proc/cpuinfo";
-    FILE* fp = fopen(proc_cpu_path, "r");
-    if (!fp)
+    const int fd = sys_open("/proc/cpuinfo", O_RDONLY, 0);
+    if (fd < 0)
       return false;
 
     {
-      char line[128];
-      while (fgets(line, sizeof(line), fp)) {
+      PageAllocator allocator;
+      LineReader* const line_reader = new(allocator) LineReader(fd);
+      const char* line;
+      unsigned line_len;
+      while (line_reader->GetNextLine(&line, &line_len)) {
         for (size_t i = 0;
              i < sizeof(cpu_info_table) / sizeof(cpu_info_table[0]);
              i++) {
           CpuInfoEntry* entry = &cpu_info_table[i];
           if (entry->found)
-            continue;
+            goto popline;
           if (!strncmp(line, entry->info_name, strlen(entry->info_name))) {
             char* value = strchr(line, ':');
             if (!value)
-              continue;
+              goto popline;
 
             // the above strncmp only matches the prefix, it might be the wrong
             // line. i.e. we matched "model name" instead of "model".
             // check and make sure there is only spaces between the prefix and
             // the colon.
-            char* space_ptr = line + strlen(entry->info_name);
+            const char* space_ptr = line + strlen(entry->info_name);
             for (; space_ptr < value; space_ptr++) {
               if (!isspace(*space_ptr)) {
                 break;
               }
             }
             if (space_ptr != value)
-              continue;
+              goto popline;
 
             sscanf(++value, " %d", &(entry->value));
             entry->found = true;
           }
         }
 
         // special case for vendor_id
         if (!strncmp(line, vendor_id_name, vendor_id_name_length)) {
           char* value = strchr(line, ':');
           if (!value)
-            continue;
+            goto popline;
 
           // skip ':" and all the spaces that follows
           do {
             value++;
           } while (isspace(*value));
 
           if (*value) {
             size_t length = strlen(value);
             if (length == 0)
-              continue;
+              goto popline;
             // we don't want the trailing newline
             if (value[length - 1] == '\n')
               length--;
             // ensure we have space for the value
             if (length < sizeof(vendor_id))
               strncpy(vendor_id, value, length);
           }
         }
+
+popline:
+        line_reader->PopLine(line_len);
       }
-      fclose(fp);
+      sys_close(fd);
     }
 
     // make sure we got everything we wanted
     for (size_t i = 0;
          i < sizeof(cpu_info_table) / sizeof(cpu_info_table[0]);
          i++) {
       if (!cpu_info_table[i].found) {
         return false;
       }
     }
@@ skipping 120 matching lines @@
     return false;
   const ExceptionHandler::CrashContext* context =
       reinterpret_cast<const ExceptionHandler::CrashContext*>(blob);
   MinidumpWriter writer(filename, crashing_process, context);
   if (!writer.Init())
     return false;
   return writer.Dump();
 }
 
 }  // namespace google_breakpad