From: "Lothar Waßmann" <LW@KARO-electronics.de>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 10/10] gpt: harden set_gpt_info() against non NULL-terminated strings
Date: Mon, 3 Jul 2017 08:37:11 +0200 [thread overview]
Message-ID: <20170703083711.02c040ce@karo-electronics.de> (raw)
In-Reply-To: <1498949084-28304-1-git-send-email-alison@peloton-tech.com>
Hi,
On Sat, 1 Jul 2017 15:44:44 -0700 alison at peloton-tech.com wrote:
> From: Alison Chaiken <alison@peloton-tech.com>
>
> Strings read from devices may sometimes fail to be
> NULL-terminated. The functions in lib/string.c are subject to
> failure in this case. Protect against observed failures in
> set_gpt_info() by switching to length-checking variants with a length
> limit of the maximum possible partition table length. At the same
> time, add a few checks for NULL string pointers.
>
> Here is an example as observed in sandbox under GDB:
>
> => gpt verify host 0 $partitions
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000477747 in strlen (s=0x0) at lib/string.c:267
> 267 for (sc = s; *sc != '\0'; ++sc)
> (gdb) bt
> #0 0x0000000000477747 in strlen (s=0x0) at lib/string.c:267
> #1 0x00000000004140b2 in set_gpt_info (str_part=<optimized out>,
> str_disk_guid=str_disk_guid at entry=0x7fffffffdbe8, partitions=partitions at entry=0x7fffffffdbd8,
> parts_count=parts_count at entry=0x7fffffffdbcf "", dev_desc=<optimized out>) at cmd/gpt.c:415
> #2 0x00000000004145b9 in gpt_verify (str_part=<optimized out>, blk_dev_desc=0x7fffef09a9d0) at cmd/gpt.c:580
> #3 do_gpt (cmdtp=<optimized out>, flag=<optimized out>, argc=<optimized out>, argv=0x7fffef09a8f0)
> at cmd/gpt.c:783
> #4 0x00000000004295b0 in cmd_call (argv=0x7fffef09a8f0, argc=0x5, flag=<optimized out>,
> cmdtp=0x714e20 <_u_boot_list_2_cmd_2_gpt>) at common/command.c:500
> #5 cmd_process (flag=<optimized out>, argc=0x5, argv=0x7fffef09a8f0,
> repeatable=repeatable at entry=0x726c04 <flag_repeat>, ticks=ticks at entry=0x0) at common/command.c:539
>
> Suggested-by: Lothar Waßmann <LW@karo-electronics.de>
> Signed-off-by: Alison Chaiken <alison@peloton-tech.com>
> ---
> cmd/gpt.c | 28 +++++++++++++++++++---------
> 1 file changed, 19 insertions(+), 9 deletions(-)
>
> diff --git a/cmd/gpt.c b/cmd/gpt.c
> index 73bf273..8bd7bdf 100644
> --- a/cmd/gpt.c
> +++ b/cmd/gpt.c
> @@ -233,7 +233,7 @@ static void print_gpt_info(void)
> }
> }
>
> -#ifdef CONFIG_CMD_GPT_RENAME
> +
> static int calc_parts_list_len(int numparts)
> {
> int partlistlen = UUID_STR_LEN + 1 + strlen("uuid_disk=");
> @@ -253,6 +253,7 @@ static int calc_parts_list_len(int numparts)
> return partlistlen;
> }
>
> +#ifdef CONFIG_CMD_GPT_RENAME
> /*
> * create the string that upstream 'gpt write' command will accept as an
> * argument
> @@ -381,6 +382,7 @@ static int set_gpt_info(struct blk_desc *dev_desc,
> int errno = 0;
> uint64_t size_ll, start_ll;
> lbaint_t offset = 0;
> + int max_str_part = calc_parts_list_len(MAX_SEARCH_PARTITIONS);
>
indentation should use tabs not spaces (scripts/checkpatch.pl would tell
you).
> debug("%s: lba num: 0x%x %d\n", __func__,
> (unsigned int)dev_desc->lba, (unsigned int)dev_desc->lba);
> @@ -398,6 +400,8 @@ static int set_gpt_info(struct blk_desc *dev_desc,
> if (!val) {
> #ifdef CONFIG_RANDOM_UUID
> *str_disk_guid = malloc(UUID_STR_LEN + 1);
> + if (str_disk_guid == NULL)
> + return -ENOMEM;
> gen_rand_uuid_str(*str_disk_guid, UUID_STR_FORMAT_STD);
> #else
> free(str);
> @@ -412,10 +416,14 @@ static int set_gpt_info(struct blk_desc *dev_desc,
> /* Move s to first partition */
> strsep(&s, ";");
> }
> - if (strlen(s) == 0)
> + if (s == NULL) {
> + printf("Error: is the partitions string NULL-terminated?\n");
> + return -EINVAL;
>
dto.
Lothar Waßmann
next prev parent reply other threads:[~2017-07-03 6:37 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-21 2:27 [U-Boot] [PATCH 0/3] add support for GPT partition name manipulation alison at peloton-tech.com
2017-05-21 2:27 ` [U-Boot] [PATCH 1/3] GPT: add accessor function for disk GUID alison at peloton-tech.com
2017-05-26 12:38 ` Tom Rini
2017-05-21 2:27 ` [U-Boot] [PATCH 2/3] GPT: read partition table from device into a data structure alison at peloton-tech.com
2017-05-26 12:39 ` Tom Rini
2017-05-21 2:27 ` [U-Boot] [PATCH 3/3] rename GPT partitions to detect boot failure alison at peloton-tech.com
2017-05-26 12:39 ` Tom Rini
2017-05-29 9:25 ` Lothar Waßmann
2017-05-26 12:38 ` [U-Boot] [PATCH 0/3] add support for GPT partition name manipulation Tom Rini
2017-05-29 16:49 ` [U-Boot] [PATCH v2 0/6] " alison at peloton-tech.com
2017-05-29 16:49 ` [U-Boot] [PATCH v2 1/6] EFI: replace number with UUID_STR_LEN macro alison at peloton-tech.com
2017-05-31 2:07 ` Tom Rini
2017-05-31 7:37 ` Lukasz Majewski
2017-05-29 16:49 ` [U-Boot] [PATCH v2 2/6] disk_partition: introduce macros for description string lengths alison at peloton-tech.com
2017-05-31 7:37 ` Lukasz Majewski
2017-05-31 13:50 ` Tom Rini
2017-05-29 16:49 ` [U-Boot] [PATCH v2 3/6] GPT: add accessor function for disk GUID alison at peloton-tech.com
2017-05-30 6:46 ` Lothar Waßmann
2017-06-03 2:22 ` [U-Boot] [PATCH v3 0/5] add support for GPT partition name manipulation alison at peloton-tech.com
2017-06-03 2:22 ` [U-Boot] [PATCH v3 1/5] GPT: add accessor function for disk GUID alison at peloton-tech.com
2017-06-06 8:20 ` Lothar Waßmann
2017-06-10 5:27 ` [U-Boot] [PATCH v5 1/3] " alison at peloton-tech.com
2017-06-11 13:38 ` Tom Rini
2017-06-03 2:22 ` [U-Boot] [PATCH v3 2/5] partitions: increase MAX_SEARCH_PARTITIONS and move to part.h alison at peloton-tech.com
2017-06-03 11:52 ` Lukasz Majewski
2017-06-03 2:22 ` [U-Boot] [PATCH v3 3/5] GPT: read partition table from device into a data structure alison at peloton-tech.com
2017-06-06 8:28 ` Lothar Waßmann
2017-06-10 5:30 ` [U-Boot] [PATCH v5 2/3] " alison at peloton-tech.com
2017-06-11 13:38 ` Tom Rini
2017-06-06 10:43 ` [U-Boot] [PATCH v3 3/5] " Lothar Waßmann
2017-06-03 2:22 ` [U-Boot] [PATCH v3 4/5] rename GPT partitions to detect boot failure alison at peloton-tech.com
2017-06-06 8:20 ` Lothar Waßmann
2017-06-10 5:35 ` [U-Boot] [PATCH v5 3/3] " alison at peloton-tech.com
2017-06-10 6:51 ` Wolfgang Denk
2017-06-10 23:27 ` Alison Chaiken
2017-06-10 23:33 ` [U-Boot] [PATCH v6 3/3] GPT: provide commands to selectively rename partitions alison at peloton-tech.com
2017-06-11 13:38 ` Tom Rini
2017-06-11 16:03 ` [U-Boot] [PATCH v7] " alison at peloton-tech.com
2017-06-12 7:45 ` [U-Boot] [PATCH v6 3/3] " Wolfgang Denk
2017-06-12 14:24 ` Alison Chaiken
2017-06-12 14:56 ` Tom Rini
2017-06-18 11:08 ` Wolfgang Denk
2017-06-25 23:43 ` [U-Boot] [PATCH v7 0/9] add support for GPT partition name manipulation alison at peloton-tech.com
2017-06-25 23:43 ` [U-Boot] [PATCH v7 1/9] EFI: replace number with UUID_STR_LEN macro alison at peloton-tech.com
2017-08-07 13:54 ` [U-Boot] [U-Boot, v7, " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 2/9] disk_partition: introduce macros for description string lengths alison at peloton-tech.com
2017-08-07 13:54 ` [U-Boot] [U-Boot, v7, " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 3/9] GPT: fix error in partitions string doc alison at peloton-tech.com
2017-08-07 13:54 ` [U-Boot] [U-Boot, v7, " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 4/9] sandbox: README: fix partition command invocation alison at peloton-tech.com
2017-08-07 13:54 ` [U-Boot] [U-Boot, v7, " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 5/9] cmd gpt: test in sandbox alison at peloton-tech.com
2017-08-07 13:54 ` [U-Boot] [U-Boot,v7,5/9] " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 6/9] partitions: increase MAX_SEARCH_PARTITIONS and move to part.h alison at peloton-tech.com
2017-08-07 13:54 ` [U-Boot] [U-Boot, v7, " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 7/9] GPT: add accessor function for disk GUID alison at peloton-tech.com
2017-08-07 13:55 ` [U-Boot] [U-Boot, v7, " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 8/9] GPT: read partition table from device into a data structure alison at peloton-tech.com
2017-06-26 7:34 ` Lothar Waßmann
2017-07-01 22:42 ` [U-Boot] [PATCH v8 8/10] " alison at peloton-tech.com
2017-07-03 6:52 ` Lothar Waßmann
2017-07-04 18:18 ` [U-Boot] [PATCH v8 08/10] " alison at peloton-tech.com
2017-08-07 13:55 ` [U-Boot] [U-Boot, v8, " Tom Rini
2017-06-25 23:43 ` [U-Boot] [PATCH v7 9/9] GPT: provide commands to selectively rename partitions alison at peloton-tech.com
2017-06-26 1:52 ` Bin Meng
2017-06-26 2:11 ` alison at peloton-tech.com
2017-06-26 7:55 ` Lothar Waßmann
2017-07-01 22:44 ` [U-Boot] [PATCH 09/10] " alison at peloton-tech.com
2017-06-18 11:03 ` [U-Boot] [PATCH v6 3/3] " Wolfgang Denk
2017-06-25 21:54 ` Alison Chaiken
2017-06-26 22:47 ` Tom Rini
2017-06-27 7:05 ` Lothar Waßmann
2017-06-27 9:12 ` Lothar Waßmann
2017-07-01 22:44 ` [U-Boot] [PATCH 10/10] gpt: harden set_gpt_info() against non NULL-terminated strings alison at peloton-tech.com
2017-07-03 6:37 ` Lothar Waßmann [this message]
2017-07-04 18:19 ` [U-Boot] [PATCH v2 " alison at peloton-tech.com
2017-08-07 13:55 ` [U-Boot] [U-Boot, v2, " Tom Rini
2017-07-01 22:36 ` [U-Boot] [PATCH v6 3/3] GPT: provide commands to selectively rename partitions Alison Chaiken
2017-07-03 6:40 ` Lothar Waßmann
2017-07-04 18:19 ` [U-Boot] [PATCH v8 09/10] " alison at peloton-tech.com
2017-08-07 13:55 ` [U-Boot] [U-Boot, v8, " Tom Rini
2017-06-03 2:22 ` [U-Boot] [PATCH v3 5/5] GPT: fix error in partitions string doc alison at peloton-tech.com
2017-06-03 11:48 ` [U-Boot] [PATCH v3 0/5] add support for GPT partition name manipulation Lukasz Majewski
2017-05-31 7:44 ` [U-Boot] [PATCH v2 3/6] GPT: add accessor function for disk GUID Lukasz Majewski
2017-05-31 8:47 ` Lothar Waßmann
2017-05-29 16:49 ` [U-Boot] [PATCH v2 4/6] GPT: read partition table from device into a data structure alison at peloton-tech.com
2017-05-30 7:37 ` Lothar Waßmann
2017-06-01 6:34 ` Chaiken, Alison
2017-06-01 9:48 ` Lothar Waßmann
2017-05-31 7:48 ` Lukasz Majewski
2017-05-31 8:48 ` Lothar Waßmann
2017-05-31 11:11 ` Lukasz Majewski
2017-05-31 13:42 ` Lothar Waßmann
2017-05-31 14:07 ` Lukasz Majewski
2017-05-29 16:49 ` [U-Boot] [PATCH v2 5/6] rename GPT partitions to detect boot failure alison at peloton-tech.com
2017-05-30 7:38 ` Lothar Waßmann
2017-05-31 8:12 ` Lukasz Majewski
2017-06-01 7:04 ` Chaiken, Alison
2017-06-01 8:21 ` Lukasz Majewski
2017-06-01 15:06 ` Chaiken, Alison
2017-06-01 18:20 ` Lukasz Majewski
2017-06-04 22:11 ` [U-Boot] [PATCH v4 0/5] add support for GPT partition name manipulation alison at peloton-tech.com
2017-06-04 22:11 ` [U-Boot] [PATCH v4 1/5] GPT: read partition table from device into a data structure alison at peloton-tech.com
2017-06-04 22:11 ` [U-Boot] [PATCH v4 2/5] rename GPT partitions to detect boot failure alison at peloton-tech.com
2017-06-04 22:11 ` [U-Boot] [PATCH v4 3/5] GPT: fix error in partitions string doc alison at peloton-tech.com
2017-06-04 22:11 ` [U-Boot] [PATCH 4/5] sandbox: README: fix partition command invocation alison at peloton-tech.com
2017-06-09 12:28 ` Simon Glass
2017-06-15 19:21 ` sjg at google.com
2017-06-04 22:11 ` [U-Boot] [PATCH 5/5] cmd gpt: test in sandbox alison at peloton-tech.com
2017-06-15 19:21 ` sjg at google.com
2017-08-27 23:02 ` [U-Boot] [PATCH v2 5/6] rename GPT partitions to detect boot failure Chaiken, Alison
2017-08-28 7:54 ` Łukasz Majewski
2017-08-28 11:16 ` Tom Rini
2017-05-29 16:49 ` [U-Boot] [PATCH v2 6/6] GPT: fix error in partitions string doc alison at peloton-tech.com
2017-05-31 8:14 ` Lukasz Majewski
2017-05-31 11:21 ` Lukasz Majewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170703083711.02c040ce@karo-electronics.de \
--to=lw@karo-electronics.de \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox