proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-07-26 15:15:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
42facd5772
grub2/include/grub
History
Thomas Frauendorfer | Miray Software 83603bea6c kern/misc: Add function to check printf() format against expected format 
The grub_printf_fmt_check() function parses the arguments of an untrusted
printf() format and an expected printf() format and then compares the
arguments counts and arguments types. The arguments count in the untrusted
format string must be less or equal to the arguments count in the expected
format string and both arguments types must match.

To do this the parse_printf_arg_fmt() helper function is extended in the
following way:

  1. Add a return value to report errors to the grub_printf_fmt_check().

  2. Add the fmt_check argument to enable stricter format verification:
     - the function expects that arguments definitions are always
       terminated by a supported conversion specifier.
     - positional parameters, "$", are not allowed, as they cannot be
       validated correctly with the current implementation. For example
       "%s%1$d" would assign the first args entry twice while leaving the
       second one unchanged.
     - Return an error if preallocated space in args is too small and
       allocation fails for the needed size. The grub_printf_fmt_check()
       should verify all arguments. So, if validation is not possible for
       any reason it should return an error.
     This also adds a case entry to handle "%%", which is the escape
     sequence to print "%" character.

  3. Add the max_args argument to check for the maximum allowed arguments
     count in a printf() string. This should be set to the arguments count
     of the expected format. Then the parse_printf_arg_fmt() function will
     return an error if the arguments count is exceeded.

The two additional arguments allow us to use parse_printf_arg_fmt() in
printf() and grub_printf_fmt_check() calls.

When parse_printf_arg_fmt() is used by grub_printf_fmt_check() the
function parse user provided untrusted format string too. So, in
that case it is better to be too strict than too lenient.

Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:20 +01:00
..
arc arc: Do not create spurious variable grub_arc_memory_type_t. 2017-08-30 15:18:24 +02:00
arm include/grub/arm/system.h: Include missing <grub/symbol.h> header 2020-11-20 15:33:40 +01:00
arm64 include/grub/arm64/linux.h: Include missing <grub/types.h> header 2020-11-20 15:33:40 +01:00
coreboot coreboot: Split parts that are platform-independent. 2017-05-08 19:10:24 +02:00
efi kern/efi: Add initial stack protector implementation 2021-03-02 15:54:19 +01:00
efiemu Fix packed-not-aligned error on GCC 8 2018-04-04 21:51:42 +02:00
emu calloc: Make sure we always have an overflow-checking calloc() available 2020-07-29 16:55:47 +02:00
gcry Import gcrypt public-key cryptography and implement signature checking. 2013-01-11 21:32:42 +01:00
gcrypt Remove autogenerated files from VCS 2013-01-12 16:17:31 +01:00
i386 loader/linux: Report the UEFI Secure Boot status to the Linux kernel 2020-12-12 01:19:03 +01:00
ia64 ia64: Add support for R_IA64_GPREL64I. 2017-01-31 12:39:01 +01:00
ieee1275 ieee1275: obdisk driver 2019-03-12 20:04:07 +01:00
lib verifiers: Add possibility to verify kernel and modules command lines 2018-11-09 13:25:31 +01:00
mips multiboot fixup 2017-08-14 16:24:05 +02:00
net Add Virtual LAN support. 2017-05-03 13:03:50 +02:00
osdep grub-editenv: Add grub_util_readlink() 2020-02-18 15:14:13 +01:00
powerpc * grub-core/lib/powerpc/setjmp.S (grub_setjmp): Save r31. 2013-11-18 02:35:32 +01:00
riscv32 RISC-V: Add auxiliary files 2019-02-25 14:01:59 +01:00
riscv64 RISC-V: Add auxiliary files 2019-02-25 14:01:59 +01:00
sparc64 ieee1275: Include a.out header in assembly of sparc64 boot loader 2019-03-28 11:35:12 +01:00
uboot uboot: Add the missing disk write operation support 2019-01-22 15:23:51 +01:00
util shim_lock: Only skip loading shim_lock verifier with explicit consent 2021-03-02 15:54:19 +01:00
x86_64 asm: Replace "__asm__ __volatile__" with "asm volatile" 2019-03-12 20:04:07 +01:00
xen xen: modify page table construction 2016-10-27 16:22:06 +02:00
zfs zfs: Fix gcc10 error -Werror=zero-length-bounds 2020-03-31 12:17:03 +02:00
acorn_filecore.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
acpi.h acpi: Fix gcc9 error -Waddress-of-packed-member 2019-04-23 11:37:08 +02:00
aout.h aout.h: Fix missing include. 2018-03-05 13:44:55 +01:00
archelp.h Support for cbfs. Also factor out the part which is common 2013-06-16 00:06:13 +02:00
at_keyboard.h at_keyboard: Fix falco chromebook case. 2017-05-09 14:27:52 +02:00
ata.h Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
auth.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
autoefi.h Remove grub_efi_allocate_pages. 2017-08-07 18:33:29 +02:00
backtrace.h Several cleanups 2012-02-26 19:10:52 +01:00
bitmap_scale.h * grub-core/gfxmenu/theme_loader.c: New global options for the 2013-10-02 18:17:33 +04:00
bitmap.h Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
boottime.h * include/grub/boottime.h: Add missing file. 2013-03-20 16:58:07 +01:00
bsdlabel.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
btrfs.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
buffer.h kern/buffer: Add variable sized heap buffer 2021-03-02 15:54:19 +01:00
bufio.h verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
cache.h ia64: build fix in cache.h 2019-06-07 15:37:55 +02:00
cbfs_core.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
charset.h * grub-core/commands/cat.c: Show UTF-8 characters. 2013-05-08 11:09:08 +02:00
cmos.h * include/grub/cmos.h: Handle high CMOS addresses on sparc64. 2013-03-02 23:59:05 +01:00
color.h Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
command.h kern: Add lockdown support 2021-03-02 15:54:15 +01:00
compiler-rt-emu.h RISC-V: Add __clzdi2 symbol 2019-09-23 13:17:15 +02:00
compiler-rt.h mips: Enable __clzdi2() 2020-12-18 23:04:36 +01:00
compiler.h safemath: Add some arithmetic primitives that check for overflow 2020-07-29 16:55:47 +02:00
crypto.h crypto: Remove GPG_ERROR_CFLAGS from gpg_err_code_t enum 2020-09-18 22:31:30 +02:00
cryptodisk.h cryptodisk: Properly handle non-512 byte sized sectors 2020-12-12 01:19:05 +01:00
cs5536.h Some CS5536 code 2011-10-01 22:51:12 +02:00
datetime.h * include/grub/datetime.h (grub_datetime2unixtime): Fix unixtime 2013-03-10 19:19:21 +01:00
decompressor.h MAke a separate scratch for decompressor 2010-09-21 19:39:51 +02:00
deflate.h Implement Truecrypt ISO loader. 2013-12-17 14:45:46 +01:00
device.h Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
disk.h luks2: Better error handling when setting up the cryptodisk 2020-12-18 23:00:28 +01:00
diskfilter.h btrfs: Make more generic the code for RAID 6 rebuilding 2018-10-31 12:07:29 +01:00
dl.h dl: Only allow unloading modules that are not dependencies 2021-03-02 15:54:15 +01:00
dma.h arm_coreboot: Support DMA. 2017-05-08 22:06:04 +02:00
elf.h elf.h: Add RISC-V definitions 2019-02-25 11:28:44 +01:00
elfload.h verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
env_private.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
env.h * grub-core/kern/env.c, include/grub/env.h: Change iterator through 2013-03-03 01:34:27 +01:00
err.h Propagate GNU_PRINTF from gnulib vfprintf 2019-03-26 15:08:00 +01:00
exfat.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
extcmd.h kern: Add lockdown support 2021-03-02 15:54:15 +01:00
fat.h chainloader: Fix wrong break condition (must be AND not, OR) 2018-02-23 22:32:55 +01:00
fbblit.h Move blit and fill dispatcher to appropriate files to decrease export 2013-05-30 22:06:28 +02:00
fbfill.h * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
fbutil.h Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
fdt.h linux, efi, arm*, fdt: Break FDT extra allocation space out into a #define 2019-01-23 10:16:32 +01:00
fdtbus.h fdtbus: Add ability to send/receive messages on parent busses. 2017-05-09 08:43:20 +02:00
file.h fdt: Treat device tree file type like ACPI 2019-02-25 14:02:06 +01:00
fileid.h Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
font.h * grub-core/font/font.c, include/grub/font.h: Inline simple font 2013-05-30 21:58:24 +02:00
fontformat.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
fs.h Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
fshelp.h fshelp: Add handling of "." and ".." and grub_fshelp_find_file_lookup. 2015-07-27 12:45:35 +02:00
gdb.h Adjust types in gdb module to have intended unsigned shifts rather than 2013-03-10 18:36:39 +01:00
gfxmenu_model.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
gfxmenu_view.h * grub-core/gfxmenu/theme_loader.c: New global options for the 2013-10-02 18:17:33 +04:00
gfxterm.h Detach optional parts of gfxterm and integrate in with coreboot init. 2013-05-31 00:42:33 +02:00
gfxwidgets.h Take into account the decorations the computing menu entry width. 2011-04-19 00:44:53 +02:00
gpt_partition.h disk: Update grub_gpt_partentry 2018-04-23 13:21:45 +02:00
gui_string_util.h Move gfxmenu color handling to video, so that gfxterm can use it 2010-12-10 16:45:58 +00:00
gui.h * include/grub/gui.h (grub_fixed_sfs_divide): Round rather than 2013-11-08 16:17:29 +01:00
hfs.h hfs: Fix gcc9 error -Waddress-of-packed-member 2019-04-23 11:37:08 +02:00
hfsplus.h fs/hfsplus: Don't use uninitialized data on corrupt filesystems 2021-03-02 15:54:18 +01:00
i18n.h Add missing format_arg attribute to check that printf with translated 2013-12-17 16:42:01 +01:00
icon_manager.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
kernel.h shim_lock: Only skip loading shim_lock verifier with explicit consent 2021-03-02 15:54:19 +01:00
keyboard_layouts.h Handle Japanese special keys. 2013-10-17 00:49:05 +02:00
legacy_parse.h * grub-core/tests/legacy_password_test.c: New test. 2013-11-12 02:38:33 +01:00
libpciaccess.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
linux.h Add ability to generate newc additions on runtime. 2013-03-22 21:01:28 +01:00
list.h verifiers: Framework core 2018-11-09 13:25:31 +01:00
loader.h efi: Fix use-after-free in halt/reboot path 2020-07-29 16:55:48 +02:00
lockdown.h kern: Add lockdown support 2021-03-02 15:54:15 +01:00
lvm.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
macho.h * grub-core/loader/machoXX.c: Fix compilation on non-i386. 2013-12-17 22:44:46 +01:00
machoload.h verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
memory.h Translate UEFI persistent memory type 2015-12-15 10:25:34 +03:00
menu_viewer.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
menu.h Fix menu title instability bug. 2012-03-04 14:55:13 +01:00
misc.h kern/misc: Add function to check printf() format against expected format 2021-03-02 15:54:20 +01:00
mm_private.h fix grub-emu compilation 2010-08-28 14:52:25 +02:00
mm.h calloc: Make sure we always have an overflow-checking calloc() available 2020-07-29 16:55:47 +02:00
module_verifier.h grub-module-verifier: Report the filename or modname in errors 2018-09-12 13:24:36 +02:00
msdos_partition.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
multiboot2.h Add a file missing in multiboot2 commit. 2017-09-05 23:13:55 +02:00
multiboot_loader.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
multiboot.h multiboot: disentangle multiboot and multiboot2. 2017-08-14 14:08:54 +02:00
net.h normal/main: Search for specific config files for netboot 2020-02-18 15:12:06 +01:00
normal.h * grub-core/normal/main.c: Don't drop to rescue console in 2014-09-21 18:51:09 +02:00
ns8250.h Fix compilation on yeeloong 2010-08-29 13:45:36 +02:00
ntfs.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
offsets.h xen: Add PVH specific defines to offset.h 2018-12-12 12:03:27 +01:00
parser.h * grub-core/disk/ldm.c: Rename variables and arguments to prevent 2013-10-18 16:54:57 +02:00
partition.h mbr: Warn if MBR gap is small and user uses advanced modules 2020-12-12 01:19:03 +01:00
parttool.h Add missing const qualifiers. 2011-11-30 16:20:13 +01:00
pci.h arm_coreboot: Support DMA. 2017-05-08 22:06:04 +02:00
pciutils.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
priority_queue.h * tests/priority_queue_unit_test.cc: New test. 2013-05-07 11:30:48 +02:00
procfs.h fix include loop on MinGW due to libintl.h pulling stdio.h 2014-01-18 21:22:57 +04:00
ps2.h at_keyboard: Split protocol from controller code. 2017-05-08 21:41:22 +02:00
pubkey.h verifiers: fix double close on pgp's sig file descriptor 2018-11-21 14:46:53 +01:00
random.h Add RNG module. 2016-02-12 12:39:38 +01:00
reader.h Remove nested functions from script reading and parsing. 2013-01-15 12:03:25 +00:00
reed_solomon.h C part of Reed-Solomon 2010-09-24 14:05:47 +02:00
relocator_private.h Fix ppc compilation problems 2010-05-01 13:23:19 +02:00
relocator.h relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow 2020-07-29 16:55:48 +02:00
safemath.h safemath: Add some arithmetic primitives that check for overflow 2020-07-29 16:55:47 +02:00
script_sh.h lexer: char const * should be const char * 2020-09-18 22:31:30 +02:00
scsi.h Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
scsicmd.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
sdl.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
search.h support subpartition hints 2010-09-13 12:16:22 +02:00
serial.h * grub-core/term/serial.c: Add option for enabling/disabling 2013-11-08 18:20:20 +01:00
setjmp.h * include/grub/setjmp.h: Define RETURNS_TWICE. Keep it empty for 2013-10-18 16:38:36 +02:00
smbios.h smbios: Add a module for retrieving SMBIOS information 2019-07-11 21:06:12 +02:00
smbus.h working copy, wo nested packaging 2010-08-17 19:03:22 +05:30
speaker.h New terminal outputs using serial: morse and spkmodem. 2013-01-16 20:39:54 +01:00
stack_protector.h kern/efi: Add initial stack protector implementation 2021-03-02 15:54:19 +01:00
symbol.h With Apple assembly in .macro environvemnt you have to use $$ instead 2013-11-24 07:08:18 +01:00
syslinux_parse.h Implement syslinux parser. 2013-12-18 05:28:05 +01:00
term.h kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys 2020-04-21 22:13:44 +02:00
terminfo.h Lift 255x255 erminal sie restriction to 65535x65535. Also change from 2013-10-19 23:59:32 +02:00
test.h * include/grub/test.h: Use gnu_printf rather than printf on GRUB 2013-12-15 14:39:21 +01:00
time.h Add a new "none" platform that only builds utilities 2014-09-23 12:06:30 +01:00
tparm.h Add missing const qualifiers. 2011-11-30 16:20:13 +01:00
tpm.h efi/tpm: Remove unused functions and structures 2020-09-18 22:31:29 +02:00
trig.h * grub-core/gentrigtables.c: Make tables const. 2013-03-01 11:15:09 +01:00
types.h cryptodisk: Add macros GRUB_TYPE_U_MAX/MIN(type) to replace literals 2020-12-12 01:19:04 +01:00
udf.h Split out blocklist retrieving from setup.c to 2013-10-15 17:02:26 +02:00
unicode.h calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
usb.h usb: Avoid possible out-of-bound accesses caused by malicious devices 2021-03-02 15:54:15 +01:00
usbdesc.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
usbserial.h Implement USBDebug (full USB stack variant). 2013-02-01 21:49:29 +01:00
usbtrans.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00
verify.h verifiers: Move verifiers API to kernel image 2021-03-02 15:54:15 +01:00
vga.h Add monochrome text support (mda_text, aka `hercules' in grub-legacy). 2012-06-28 15:27:54 +02:00
vgaregs.h Add monochrome text support (mda_text, aka `hercules' in grub-legacy). 2012-06-28 15:27:54 +02:00
video_fb.h * grub-core/gfxmenu/gui_box.c: Updated to work with area status. 2013-11-08 15:42:38 +04:00
video.h * include/grub/video.h (grub_video_rgba_color_rgb): Fix prototype 2013-12-21 14:31:47 +01:00
xen_file.h xen: add capability to load p2m list outside of kernel mapping 2016-10-27 16:22:06 +02:00
xen.h xen: Add basic hooks for PVH in current code 2018-12-12 12:03:27 +01:00
xnu.h Add gcc_struct to all packed structures when compiling with mingw. 2013-12-15 14:14:30 +01:00