From: "Lothar Waßmann" <LW@KARO-electronics.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 10/10] gpt: harden set_gpt_info() against non NULL-terminated strings
Date: Mon, 3 Jul 2017 08:37:11 +0200
Message-ID: <20170703083711.02c040ce@karo-electronics.de>
In-Reply-To: <1498949084-28304-1-git-send-email-alison@peloton-tech.com>
Hi,
On Sat, 1 Jul 2017 15:44:44 -0700 alison at peloton-tech.com wrote:
> From: Alison Chaiken <alison@peloton-tech.com>
>
> Strings read from devices may sometimes fail to be
> NULL-terminated. The functions in lib/string.c are subject to
> failure in this case. Protect against observed failures in
> set_gpt_info() by switching to length-checking variants with a length
> limit of the maximum possible partition table length. At the same
> time, add a few checks for NULL string pointers.
>
> Here is an example as observed in sandbox under GDB:
>
> => gpt verify host 0 $partitions
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000477747 in strlen (s=0x0) at lib/string.c:267
> 267 for (sc = s; *sc != '\0'; ++sc)
> (gdb) bt
> #0 0x0000000000477747 in strlen (s=0x0) at lib/string.c:267
> #1 0x00000000004140b2 in set_gpt_info (str_part=<optimized out>,
> str_disk_guid=str_disk_guid@entry=0x7fffffffdbe8, partitions=partitions@entry=0x7fffffffdbd8,
> parts_count=parts_count@entry=0x7fffffffdbcf "", dev_desc=<optimized out>) at cmd/gpt.c:415
> #2 0x00000000004145b9 in gpt_verify (str_part=<optimized out>, blk_dev_desc=0x7fffef09a9d0) at cmd/gpt.c:580
> #3 do_gpt (cmdtp=<optimized out>, flag=<optimized out>, argc=<optimized out>, argv=0x7fffef09a8f0)
> at cmd/gpt.c:783
> #4 0x00000000004295b0 in cmd_call (argv=0x7fffef09a8f0, argc=0x5, flag=<optimized out>,
> cmdtp=0x714e20 <_u_boot_list_2_cmd_2_gpt>) at common/command.c:500
> #5 cmd_process (flag=<optimized out>, argc=0x5, argv=0x7fffef09a8f0,
> repeatable=repeatable@entry=0x726c04 <flag_repeat>, ticks=ticks@entry=0x0) at common/command.c:539
>
> Suggested-by: Lothar Waßmann <LW@karo-electronics.de>
> Signed-off-by: Alison Chaiken <alison@peloton-tech.com>
> ---
> cmd/gpt.c | 28 +++++++++++++++++++---------
> 1 file changed, 19 insertions(+), 9 deletions(-)
>
> diff --git a/cmd/gpt.c b/cmd/gpt.c
> index 73bf273..8bd7bdf 100644
> --- a/cmd/gpt.c
> +++ b/cmd/gpt.c
> @@ -233,7 +233,7 @@ static void print_gpt_info(void)
> }
> }
>
> -#ifdef CONFIG_CMD_GPT_RENAME
> +
> static int calc_parts_list_len(int numparts)
> {
> int partlistlen = UUID_STR_LEN + 1 + strlen("uuid_disk=");
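Review bot: The added line that replaces "#ifdef CONFIG_CMD_GPT_RENAME" is empty and follows an existing blank context line, so calc_parts_list_len() is now preceded by two blank lines. Remove the #ifdef line outright instead of replacing it with an empty one.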
> @@ -253,6 +253,7 @@ static int calc_parts_list_len(int numparts)
> return partlistlen;
> }
>
> +#ifdef CONFIG_CMD_GPT_RENAME
> /*
> * create the string that upstream 'gpt write' command will accept as an
> * argument
> @@ -381,6 +382,7 @@ static int set_gpt_info(struct blk_desc *dev_desc,
> int errno = 0;
> uint64_t size_ll, start_ll;
> lbaint_t offset = 0;
> + int max_str_part = calc_parts_list_len(MAX_SEARCH_PARTITIONS);
>
indentation should use tabs not spaces (scripts/checkpatch.pl would tell
you).
> debug("%s: lba num: 0x%x %d\n", __func__,
> (unsigned int)dev_desc->lba, (unsigned int)dev_desc->lba);
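Review bot: max_str_part is declared as int (and calc_parts_list_len() returns int), yet the commit message describes it as the length limit handed to the length-checking string functions, which take a size_t count. Declaring it size_t avoids a signed-to-unsigned conversion at every use. The value depends only on MAX_SEARCH_PARTITIONS, so it is also recomputed identically on each call to set_gpt_info().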
> @@ -398,6 +400,8 @@ static int set_gpt_info(struct blk_desc *dev_desc,
> if (!val) {
> #ifdef CONFIG_RANDOM_UUID
> *str_disk_guid = malloc(UUID_STR_LEN + 1);
> + if (str_disk_guid == NULL)
> + return -ENOMEM;
> gen_rand_uuid_str(*str_disk_guid, UUID_STR_FORMAT_STD);
> #else
> free(str);
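Review bot: The new NULL check tests the wrong pointer. malloc() stores its result in *str_disk_guid on the line above, but the added condition is "if (str_disk_guid == NULL)", which tests the pointer the caller passed in, so an allocation failure still reaches gen_rand_uuid_str() with a NULL buffer. It should read "if (*str_disk_guid == NULL)". The #else branch calls free(str) before bailing out; the new -ENOMEM return should release str the same way.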
> @@ -412,10 +416,14 @@ static int set_gpt_info(struct blk_desc *dev_desc,
> /* Move s to first partition */
> strsep(&s, ";");
> }
> - if (strlen(s) == 0)
> + if (s == NULL) {
> + printf("Error: is the partitions string NULL-terminated?\n");
> + return -EINVAL;
>
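Review bot: The error text on the s == NULL path points at the wrong cause. s is NULL here because the preceding strsep(&s, ";") found no ';' in the string, which says nothing about whether the input was terminated, so the message should report a missing partition list instead. The terminator is also NUL rather than NULL. As with the -ENOMEM path in the previous hunk, check that this early "return -EINVAL" frees str first, since the #else branch above does so before returning.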
dto.
Lothar Waßmann
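
The two failure modes discussed in this thread (no terminator within the length limit, and no ';' so that the cursor after strsep() is NULL) are shown together in the following added example, which is not part of the patch or of U-Boot. The helper name, its parameters and the sample inputs are hypothetical; it uses the standard memchr() as the bounded scan in place of U-Boot's strnlen() and strsep().

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed inputs, not taken from the thread. */
static const char sample_ok[] = "uuid_disk=abc;name=boot,size=1M";
static const char sample_raw[4] = { 'a', ';', 'b', 'c' };	/* no NUL */

/*
 * Hypothetical helper: find the first partition spec in a
 * "uuid_disk=...;name=...,size=..." string held in a raw buffer of
 * buf_len bytes that may lack a terminating NUL. max_len plays the
 * role of the patch's max_str_part limit.
 * Returns the offset of the first partition spec or a negative errno.
 */
int first_partition_offset(const char *buf, size_t buf_len, size_t max_len)
{
	size_t bound = buf_len < max_len ? buf_len : max_len;
	const char *nul, *sep;

	if (buf == NULL || bound == 0)
		return -EINVAL;

	/* Bounded scan: never read past the buffer looking for the NUL. */
	nul = memchr(buf, '\0', bound);
	if (nul == NULL)
		return -EINVAL;	/* unterminated within the limit */

	/* A missing ';' is the case where strsep() leaves its cursor NULL. */
	sep = memchr(buf, ';', (size_t)(nul - buf));
	if (sep == NULL)
		return -EINVAL;	/* no partition list after the disk GUID */

	/* Equivalent of the old strlen(s) == 0 test, with known bounds. */
	if (sep + 1 == nul)
		return -EINVAL;	/* empty partition list */

	return (int)(sep + 1 - buf);
}

int main(void)
{
	printf("%d %d\n",
	       first_partition_offset(sample_ok, sizeof(sample_ok), 256),
	       first_partition_offset(sample_raw, sizeof(sample_raw), 256));
	return 0;
}
```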