Here's the situation:
I analyze the interaction of programs with a driver using an LD_PRELOADed module that intercepts the ioctl() system call. The system I'm working with (Linux kernel 2.6.18) fortunately has the length of the data encoded in the request parameter, so I can happily dump the ioctl data with the right length.
However, much of this data contains pointers to other structures whose length I do not know (that is what I am studying in the end). Therefore, I scan the data for pointers and dump the data at those locations. I am worried that this may leave my code open to segfaults if a pointer is close to a segment boundary (and my early testing seems to show that it is).
So I was wondering what I can do to preempt this: can the current process check whether a specific address is accessible before trying to dereference it? Is that possible?
Edit: just an update, since I forgot to mention something that may be very important: the target system is MIPS-based, although I am also testing my module on my x86 machine.