Kezdőlap Felfedezés Súgó
Bejelentkezés
libreboot
/
lbmk
Figyelés 8
Kedvenc 12
Másolás 18
Fájlok Problémák 61 Beolvasztási kérések 1
Branch: quackboot
Branch-ok Tag-ek
lbmk
/
config
/
coreboot
/
coreboot413
/
patches
/
0001-cbfstool-Make-use-of-spurious-null-termination.patch

0001-cbfstool-Make-use-of-spurious-null-termination.patch 2.0 KB
Állandó hivatkozás Előzmények Nyers

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. From f22f408956bf02609a96b7d72fb3321da159bfc6 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Nico Huber <nico.huber@secunet.com>
    3. 

  3. Date: Tue, 22 Jun 2021 13:49:44 +0000
    4. 

  4. Subject: [PATCH 1/1] cbfstool: Make use of spurious null-termination
    5. 

  5. 

  6. The null-termination of `filetypes` was added after the code was
    7. 

  7. written, obviously resulting in NULL dereferences. As some more
    8. 

  8. code has grown around the termination, it's hard to revert the
    9. 

  9. regression, so let's update the code that still used the array
    10. 

  10. length.
    11. 

  11. 

  12. This fixes commit 7f5f9331d1 (util/cbfstool: fix buffer over-read)
    13. 

  13. which actually did fix something, but only one path while it broke
    14. 

  14. two others. We should be careful with fixes, they can always break
    15. 

  15. something else. Especially when a dumb tool triggered the patching
    16. 

  16. it seems likely that fewer people looked into related code.
    17. 

  17. 

  18. Change-Id: If2ece1f5ad62952ed2e57769702e318ba5468f0c
    19. 

  19. Signed-off-by: Nico Huber <nico.huber@secunet.com>
    20. 

  20. Reviewed-on: https://review.coreboot.org/c/coreboot/+/55763
    21. 

  21. Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
    22. 

  22. Reviewed-by: Julius Werner <jwerner@chromium.org>
    23. 

  23. ---
    24. 

  24.  util/cbfstool/common.c | 8 ++++----
    25. 

  25.  1 file changed, 4 insertions(+), 4 deletions(-)
    26. 

  26. 

  27. diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c
    28. 

  28. index e2ed38ffc4..539d0baccf 100644
    29. 

  29. --- a/util/cbfstool/common.c
    30. 

  30. +++ b/util/cbfstool/common.c
    31. 

  31. @@ -168,10 +168,10 @@ void print_supported_architectures(void)
    32. 

  32.  
    33. 

  33.  void print_supported_filetypes(void)
    34. 

  34.  {
    35. 

  35. -	int i, number = ARRAY_SIZE(filetypes);
    36. 

  36. +	int i;
    37. 

  37.  
    38. 

  38. -	for (i=0; i<number; i++) {
    39. 

  39. -		printf(" %s%c", filetypes[i].name, (i==(number-1))?'\n':',');
    40. 

  40. +	for (i=0; filetypes[i].name; i++) {
    41. 

  41. +		printf(" %s%c", filetypes[i].name, filetypes[i + 1].name ? ',' : '\n');
    42. 

  42.  		if ((i%8) == 7)
    43. 

  43.  			printf("\n");
    44. 

  44.  	}
    45. 

  45. @@ -180,7 +180,7 @@ void print_supported_filetypes(void)
    46. 

  46.  uint64_t intfiletype(const char *name)
    47. 

  47.  {
    48. 

  48.  	size_t i;
    49. 

  49. -	for (i = 0; i < (sizeof(filetypes) / sizeof(struct typedesc_t)); i++)
    50. 

  50. +	for (i = 0; filetypes[i].name; i++)
    51. 

  51.  		if (strcmp(filetypes[i].name, name) == 0)
    52. 

  52.  			return filetypes[i].type;
    53. 

  53.  	return -1;
    54. 

  54. -- 
    55. 

  55. 2.39.2
    56. 

  56. 

  57.