From 919efc620a0182d60cef1a749775476e8f06a52d Mon Sep 17 00:00:00 2001
From: Anton Lindqvist <anton@basename.se>
Date: Sun, 21 Jul 2019 10:49:42 +0200
Subject: sys/openbsd: prevent swap partition device nodes from being created

Writing to the swap partition during fuzzing can lead to all kinds of
corruptions[1].

[1] https://syzkaller.appspot.com/bug?id=a2eca15e6e0be4be3ed1b0b2bab3332edc317b1c
---
 sys/openbsd/init.go      |  7 ++++---
 sys/openbsd/init_test.go | 12 +++++++++++-
 2 files changed, 15 insertions(+), 4 deletions(-)

(limited to 'sys/openbsd')

diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index 0d79a96ff..404536dfa 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -112,9 +112,10 @@ func (arch *arch) SanitizeCall(c *prog.Call) {
 			dev.Val = devNullDevT
 		}
 
-		// Prevent /dev/sd0c nodes from being created since the refer to
-		// the raw root disk.
-		if devmajor(dev.Val) == 4 && devminor(dev.Val) == 2 {
+		// Prevent /dev/sd0b (swap partition) and /dev/sd0c (raw disk)
+		// nodes from being created. Writing to such devices can corrupt
+		// the file system.
+		if devmajor(dev.Val) == 4 && (devminor(dev.Val) == 1 || devminor(dev.Val) == 2) {
 			dev.Val = devNullDevT
 		}
 	case "mlockall":
diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go
index 65e89b920..186b199c0 100644
--- a/sys/openbsd/init_test.go
+++ b/sys/openbsd/init_test.go
@@ -41,9 +41,19 @@ func TestSanitizeCall(t *testing.T) {
 			`mknod(0x0, 0x0, 0x1600)`,
 			`mknod(0x0, 0x0, 0x1600)`,
 		},
+		{
+			// major=4, minor=0
+			`mknod(0x0, 0x0, 0x400)`,
+			`mknod(0x0, 0x0, 0x400)`,
+		},
+		{
+			// major=4, minor=1
+			`mknod(0x0, 0x0, 0x401)`,
+			`mknod(0x0, 0x0, 0x202)`,
+		},
 		{
 			// major=4, minor=2
-			`mknod(0x0, 0x0, 0x0402)`,
+			`mknod(0x0, 0x0, 0x402)`,
 			`mknod(0x0, 0x0, 0x202)`,
 		},
 		{
-- 
cgit mrf-deployment