From: Darren Kenny
To: Alec Brown, grub-devel@gnu.org
Cc: daniel.kiper@oracle.com, alec.r.brown@oracle.com
Subject: Re: [PATCH v3 0/5] Fix coverity bugs and add checks for elf values in grub-core
In-Reply-To: <1650507797-12137-1-git-send-email-alec.r.brown@oracle.com>
Date: Wed, 27 Apr 2022 09:56:12 +0100

Hi Alec,

This all looks good to me, so for the series:

Reviewed-by: Darren Kenny

Thanks,

Darren.

On Wednesday, 2022-04-20 at 22:23:12 -04, Alec Brown wrote:
> v3: Added check for e_shoff, made starting words lowercase in error messages,
> and added comment to why return pointers are set to 0.
>
> Coverity identified several untrusted loop bounds and untrusted allocation size
> bugs in grub-core/loader/i386/bsdXX.c and grub-core/loader/multiboot_elfXX.c.
> Upon review of these bugs, I found that specific checks weren't being made to
> various elf header values based on the elf manual page. This patch series
> addresses the coverity bugs, as well as adds functions to check for the correct
> elf header values.
>
> The Coverity bugs being addressed are:
> CID 314018
> CID 314030
> CID 314031
> CID 314039
>
> Alec Brown (5):
>   grub-core/loader/i386/bsdXX.c: Avoid downcasting (char *) to (Elf_Shdr *)
>   elf: Validate number of elf section header table entries
>   elf: Validate elf section header table index for section name string table
>   elf: Validate number of elf program header table entries
>   util/grub-module-verifierXX.c: Add e_shoff check in get_shdr()
>
> grub-core/kern/elf.c | 15 +++++++++++++++
> grub-core/kern/elfXX.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> grub-core/loader/i386/bsdXX.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------
> grub-core/loader/multiboot_elfxx.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++------------------------
> include/grub/elf.h | 18 ++++++++++++++++++
> util/grub-module-verifierXX.c | 3 +++
> 6 files changed, 273 insertions(+), 77 deletions(-)
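
The kind of section-count check the cover letter describes, written out as an added example; it is not code from the patch series or from GRUB. The helper names and the constructed 4-entry sample image are assumptions, the ELF magic and class are assumed to have been checked already, and the rules follow the elf manual page: a non-zero e_shnum must be below SHN_LORESERVE, while an e_shnum of 0 with a non-zero e_shoff means the real count is in sh_size of section header 0.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not GRUB's code: resolve the real section count of the
   ELF64 image in buf[0..len) and prove the whole table lies inside it. */
static int elf64_get_shnum(const uint8_t *buf, size_t len, uint64_t *shnum)
{
  Elf64_Ehdr eh;
  Elf64_Shdr sh0;
  uint64_t n;

  *shnum = 0;
  if (len < sizeof(eh))
    return -1;
  memcpy(&eh, buf, sizeof(eh));          /* copy out: buf may be unaligned */
  if (eh.e_shoff == 0)                   /* no section header table at all */
    return eh.e_shnum == 0 ? 0 : -1;
  if (eh.e_shentsize != sizeof(sh0) || eh.e_shoff > len
      || len - eh.e_shoff < sizeof(sh0))
    return -1;
  memcpy(&sh0, buf + eh.e_shoff, sizeof(sh0));
  if (eh.e_shnum >= SHN_LORESERVE)       /* reserved range is never a count */
    return -1;
  if (eh.e_shnum == 0 && sh0.sh_size < SHN_LORESERVE)
    return -1;                           /* extended form needs a large count */
  n = eh.e_shnum != 0 ? eh.e_shnum : sh0.sh_size;
  if (n > (len - eh.e_shoff) / sizeof(sh0))   /* divide: n * size could wrap */
    return -1;
  *shnum = n;
  return 0;
}

/* Constructed sample image: ELF64 header plus room for a 4-entry table.
   Returns the validated count, or -1 if the header values are rejected. */
static long long sample_shnum(uint16_t e_shnum, uint64_t sh0_size)
{
  uint8_t img[sizeof(Elf64_Ehdr) + 4 * sizeof(Elf64_Shdr)] = { 0 };
  Elf64_Ehdr eh = { .e_shoff = sizeof(Elf64_Ehdr), .e_shnum = e_shnum,
                    .e_shentsize = sizeof(Elf64_Shdr) };
  Elf64_Shdr sh0 = { .sh_size = sh0_size };
  uint64_t n;
  memcpy(img, &eh, sizeof(eh));
  memcpy(img + sizeof(eh), &sh0, sizeof(sh0));
  return elf64_get_shnum(img, sizeof(img), &n) == 0 ? (long long) n : -1;
}

int main(void) { printf("%lld\n", sample_shnum(4, 0)); return 0; }
```

A loader that loops over or allocates for the section table would use the count returned here rather than reading e_shnum directly.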