From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14166
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: sva sva <azharivs@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Hijacking malloc called within musl libc
Date: Thu, 30 May 2019 16:39:48 -0400
Message-ID: <CAKsLdYyB+xeLF42O010cE6VQEWtcLPhuWRj4_mY4dJ4Vn699ZQ@mail.gmail.com>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="000000000000d2b8ed058a20e674"
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="259306"; mail-complaints-to="usenet@blaine.gmane.org"
To: musl@lists.openwall.com
Original-X-From: musl-return-14182-gllmg-musl=m.gmane.org@lists.openwall.com Thu May 30 22:40:16 2019
Return-path: <musl-return-14182-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-14182-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1hWRqR-0015Mr-Vm
	for gllmg-musl@m.gmane.org; Thu, 30 May 2019 22:40:16 +0200
Original-Received: (qmail 3219 invoked by uid 550); 30 May 2019 20:40:12 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 3186 invoked from network); 30 May 2019 20:40:12 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=vIZ8KKBtQbAyb6C3vIswIdHTBJOxwl51PsGiBbMrquA=;
        b=kRl2Kqm4F+HUn8N3C/4XzYowGFAbCf66/wFy+IvRkCaZilfCSSakd6u4wVTfbUpzd5
         upD3w9cTCXg9tjiS031MOBWgowfLUDfHJiIErHOq5hqdKYIj8oVAP3vyNyh27aGik2QS
         ip/n+wIqD31e66BDdgHXZ97ePphiCtWYScpHWGbbztn/yXPZ7Zc9UX726x9YWk7FOg3w
         /yD2hM6ngHazmaTxd5Tsx0qQFizqigkCOWnOh3OIp7rCEbOFDyCzEKVPD4IdcKHm240h
         ffIRBGgcsHFfxJGSciTbZUrdOZ/XOcOO+cioYp73XfBrLoY5RCEPhZdEuUtEys73QINt
         sWAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=vIZ8KKBtQbAyb6C3vIswIdHTBJOxwl51PsGiBbMrquA=;
        b=TtQr0KPPuHNHK63RcdZ3x9q7hTZLW/AIvygh8pFf0IpCLid/eWIagiG6vmFLyIRKq9
         YCJzP6VppiLLGc/y3XPtxoRpajzWM9c07Nknj+Bs1gd11heHsihOHT31yThfdc9BxmcP
         9yqLu/qZz3R8ZQX6NGRFBcBUaCyp4/lcxqtdXN294R60hT2cxtsFOVnggrCQp8vPs8AG
         xyoqAtl8n0SMYLlpLc/cYyC80iG2/h4fsxfj3eF3aZCkPJag/Dq9zZUslGC1jxXJH036
         25Cd4hkdcbLR1+zhndgg3B9Sku2qWZUsGuQIG6nyu/XhL0y5biipQ4mwpZ3EQbzJGJ4l
         ImYw==
X-Gm-Message-State: APjAAAWInr/yAvHbp77ks2SBUdKyrkoQ7ItTN8dikvY/fY86xGskjN1M
	tIrlKmeOR6nUc21y3McNTKsew+xG7HbVpaWp2LOqTVMs
X-Google-Smtp-Source: APXvYqyJnZMclqBExPpvIScKYTqta9au0wNqzFlNbvN8tEFwZ62WMLyIG9aKeyUdX3FzJhQA3gQ+MhLO3CQwT+92Wxs=
X-Received: by 2002:a5d:97d2:: with SMTP id k18mr4328248ios.130.1559248799708;
 Thu, 30 May 2019 13:39:59 -0700 (PDT)
Xref: news.gmane.org gmane.linux.lib.musl.general:14166
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/14166>

--000000000000d2b8ed058a20e674
Content-Type: text/plain; charset="UTF-8"

I am LD_PRELOADing an application my own malloc which eventually calls the
libc malloc. Everything is fine until the code hits malloc which is called
from musl's own libc which doesn't get overloaded. I want those to be
overloaded as well.

More specifically this is the part of libc for scandir code at
src/dirent/scandir.c:
tmp = realloc(names, len * sizeof *names);

I checked how this works for glibc, and apparently they use
__libc_malloc/etc. internally and have malloc as a weak alias for that
which is used every where including the rest of the standard library.
However in musl, there is no such thing as a weak alias defined for
malloc/etc.

I am kind of stuck here so would appreciate some help.

Thanks

Vahid

--000000000000d2b8ed058a20e674
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>I am LD_PRELOADing an application my own malloc which=
 eventually calls the libc malloc. Everything is fine until the code hits m=
alloc which is called from musl&#39;s own libc which doesn&#39;t get overlo=
aded. I want those to be overloaded as well. <br></div><div><br></div><div>=
More specifically this is the part of libc for scandir code at</div><div>sr=
c/dirent/scandir.c:</div><div></div><div>			tmp =3D realloc(names, len * si=
zeof *names);</div><div><br></div><div>I checked how this works for glibc, =
and apparently they use __libc_malloc/etc. internally and have malloc as a =
weak alias for that which is used every where including the rest of the sta=
ndard library. However in musl, there is no such thing as a weak alias defi=
ned for malloc/etc.</div><div><br></div><div>I am kind of stuck here so wou=
ld appreciate some help.</div><div><br></div><div>Thanks</div><div><br></di=
v><div>Vahid<br></div></div>

--000000000000d2b8ed058a20e674--