From: Darren Kenny
To: Alec Brown, grub-devel@gnu.org
Cc: daniel.kiper@oracle.com, alec.r.brown@oracle.com
Subject: Re: [PATCH 0/6] Fix coverity bugs and add checks for elf values in grub-core
In-Reply-To: <1653593392-1932-1-git-send-email-alec.r.brown@oracle.com>
Date: Mon, 30 May 2022 10:02:29 +0100

Hi Alec,

All of these look great, so:

Reviewed-by: Darren Kenny

Thanks for looking at the Coverity issues,

Darren.

On Thursday, 2022-05-26 at 15:29:46 -04, Alec Brown wrote:
> Coverity identified several untrusted loop bounds and untrusted allocation size
> bugs in grub-core/loader/i386/bsdXX.c and grub-core/loader/multiboot_elfXX.c.
> Upon review of these bugs, I found that specific checks weren't being made to
> various elf header values based on the elf manual page. The first four patches
> in this patch series address the coverity bugs, as well as add functions to
> check for the correct elf header values. The last two patches add fixes to
> previous work done in util/grub-module-verifierXX.c that also relates to making
> checks of elf header values.
>
> The Coverity bugs being addressed are:
> CID 314018
> CID 314030
> CID 314031
> CID 314039
>
> Alec Brown (6):
>   grub-core/loader/i386/bsdXX.c: Avoid downcasting (char *) to (Elf_Shdr *)
>   elf: Validate number of elf section header table entries
>   elf: Validate elf section header table index for section name string table
>   elf: Validate number of elf program header table entries
>   util/grub-module-verifierXX.c: Add e_shoff check in get_shdr()
>   util/grub-module-verifierXX.c: Changed get_shnum() return type
>
>  grub-core/kern/elf.c | 18 ++++++++++++++++++
>  grub-core/kern/elfXX.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  grub-core/loader/i386/bsdXX.c | 142 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------------
>  grub-core/loader/multiboot_elfxx.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------
>  include/grub/elf.h | 23 +++++++++++++++++++++++
>  util/grub-module-verifierXX.c | 13 +++++++++----
>  6 files changed, 290 insertions(+), 86 deletions(-)
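
The kind of header check the cover letter describes, as an added example that is not part of the original message or of the GRUB patches: it resolves the section count and the section name string table index using the extended-numbering rules from the elf manual page, and rejects values that would make an untrusted loop bound or table index. The function name elf64_section_limits is hypothetical; the code assumes a host-endian ELF64 image and the <elf.h> header shipped with Linux C libraries.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not GRUB code). Assumes a host-endian ELF64 image of
   `size` bytes. Returns 0 and fills *shnum / *shstrndx, or -1 on bad values. */
int elf64_section_limits(const uint8_t *img, size_t size,
                         uint64_t *shnum, uint32_t *shstrndx)
{
  Elf64_Ehdr e;
  Elf64_Shdr s0;
  if (size < sizeof(e))
    return -1;
  memcpy(&e, img, sizeof(e));          /* copy out: img may be unaligned */
  *shnum = e.e_shnum;
  *shstrndx = e.e_shstrndx;
  if (e.e_shoff == 0)                  /* no section header table at all */
    return (e.e_shnum == 0 && e.e_shstrndx == SHN_UNDEF) ? 0 : -1;
  if (e.e_shentsize != sizeof(s0) ||
      e.e_shoff > size || size - e.e_shoff < sizeof(s0))
    return -1;
  memcpy(&s0, img + e.e_shoff, sizeof(s0));
  if (e.e_shnum == 0) {                /* extended count lives in sh_size */
    *shnum = s0.sh_size;
    if (*shnum < SHN_LORESERVE)
      return -1;
  } else if (e.e_shnum >= SHN_LORESERVE)
    return -1;
  if (e.e_shstrndx == SHN_XINDEX)      /* extended index lives in sh_link */
    *shstrndx = s0.sh_link;
  else if (e.e_shstrndx >= SHN_LORESERVE)
    return -1;
  /* Table must fit in the image (divide, don't multiply, to avoid overflow)
     and the string table index must name an entry inside it. */
  if (*shnum > (size - e.e_shoff) / sizeof(s0) || *shstrndx >= *shnum)
    return -1;
  return 0;
}

int main(void)
{
  /* Constructed sample: header claims 5 sections, image has room for 4. */
  uint8_t img[sizeof(Elf64_Ehdr) + 4 * sizeof(Elf64_Shdr)] = {0};
  Elf64_Ehdr e = { .e_shoff = sizeof(Elf64_Ehdr), .e_shnum = 5,
                   .e_shentsize = sizeof(Elf64_Shdr), .e_shstrndx = 1 };
  uint64_t n; uint32_t s;
  memcpy(img, &e, sizeof(e));
  printf("result: %d\n", elf64_section_limits(img, sizeof(img), &n, &s));
}
```

The same pattern applies to e_phnum, where the manual page's PN_XNUM value redirects the real count to sh_info of the first section header.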