Version bump to 1.13

Source/santa_driver/SantaCache.h

@@ -29,7 +29,6 @@
 #include <cstdio>
 #include <cstdlib>
 #include <cstring>
-// TODO(rah): Consider templatizing these.
 #define panic(args...) printf(args); printf("\n"); abort()
 #define IOMallocAligned(sz, alignment) malloc(sz);
 #define IOFreeAligned(addr, sz) free(addr)
@@ -78,6 +77,7 @@ template<typename KeyT, typename ValueT> class SantaCache {
     if (unlikely(per_bucket > 64)) per_bucket = 64;
     max_size_ = maximum_size;
     bucket_count_ = (1 << (32 - __builtin_clz((((uint32_t)max_size_ / per_bucket) - 1) ?: 1)));
+    if (unlikely(bucket_count_ > UINT32_MAX)) bucket_count_ = UINT32_MAX;
     buckets_ = (struct bucket *)IOMallocAligned(bucket_count_ * sizeof(struct bucket), 2);
     bzero(buckets_, bucket_count_ * sizeof(struct bucket));
   }
@@ -197,6 +197,11 @@ template<typename KeyT, typename ValueT> class SantaCache {
     if (per_bucket_counts == nullptr || array_size == nullptr || start_bucket == nullptr) return;
 
     uint64_t start = *start_bucket;
+    if (start >= bucket_count_) {
+      *start_bucket = 0;
+      return;
+    }
+
     uint16_t size = *array_size;
     if (start + size > bucket_count_) size = bucket_count_ - start;
 

Source/santa_driver/SantaCacheTest.mm

@@ -251,7 +251,7 @@ template<> uint64_t SantaCacheHasher<S>(S const& s) {
 }
 
 - (void)testStructKeys {
-  auto sut =  SantaCache<S, uint64_t>(10, 2);
+  auto sut = SantaCache<S, uint64_t>(10, 2);
 
   S s1 = {1024, 2048};
   S s2 = {4096, 8192};
@@ -265,4 +265,22 @@ template<> uint64_t SantaCacheHasher<S>(S const& s) {
   XCTAssertEqual(sut.get(s3), 30);
 }
 
+- (void)testBucketCounts {
+  auto sut = new SantaCache<uint64_t, uint64_t>(UINT16_MAX, 1);
+
+  // These tests verify that the bucket_counts() function can't be abused
+  // with integer {over,under}flow issues in the input or going out-of-bounds
+  // on the buckets array.
+  uint16_t size = 2048;
+  uint64_t start = (UINT64_MAX - 2047);
+  uint16_t per_bucket_counts[2048];
+  sut->bucket_counts(per_bucket_counts, &size, &start);
+  XCTAssertEqual(start, 0, @"Check a high start can't overflow");
+
+  size = UINT16_MAX;
+  start = UINT16_MAX - 1;
+  sut->bucket_counts(per_bucket_counts, &size, &start);
+  XCTAssertEqual(start, 0, @"Check a large size can't overflow");
+}
+
 @end

Source/santa_driver/SantaDecisionManager.cc

@@ -185,11 +185,17 @@ void SantaDecisionManager::SetLogPort(mach_port_t port) {
 }
 
 IOMemoryDescriptor *SantaDecisionManager::GetDecisionMemoryDescriptor() const {
-  return decision_dataqueue_->getMemoryDescriptor();
+  lck_mtx_lock(decision_dataqueue_lock_);
+  IOMemoryDescriptor *r = decision_dataqueue_->getMemoryDescriptor();
+  lck_mtx_unlock(decision_dataqueue_lock_);
+  return r;
 }
 
 IOMemoryDescriptor *SantaDecisionManager::GetLogMemoryDescriptor() const {
-  return log_dataqueue_->getMemoryDescriptor();
+  lck_mtx_lock(log_dataqueue_lock_);
+  IOMemoryDescriptor *r = log_dataqueue_->getMemoryDescriptor();
+  lck_mtx_unlock(log_dataqueue_lock_);
+  return r;
 }
 
 #pragma mark Listener Control

Source/santa_driver/SantaDriverClient.cc

@@ -293,7 +293,7 @@ IOReturn SantaDriverClient::externalMethod(
     { &SantaDriverClient::filemod_prefix_filter_reset, 0, 0, 0, 0 },
   };
 
-  if (selector > static_cast<UInt32>(kSantaUserClientNMethods)) {
+  if (selector >= static_cast<UInt32>(kSantaUserClientNMethods)) {
     return kIOReturnBadArgument;
   }
 

version.bzl

@@ -1,3 +1,3 @@
 """The version for all Santa components."""
 
-SANTA_VERSION = "1.12"
+SANTA_VERSION = "1.13"