proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-07-24 22:19:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
83603bea6c
grub2/grub-core
History
Thomas Frauendorfer | Miray Software 83603bea6c kern/misc: Add function to check printf() format against expected format 
The grub_printf_fmt_check() function parses the arguments of an untrusted
printf() format and an expected printf() format and then compares the
arguments counts and arguments types. The arguments count in the untrusted
format string must be less or equal to the arguments count in the expected
format string and both arguments types must match.

To do this the parse_printf_arg_fmt() helper function is extended in the
following way:

  1. Add a return value to report errors to the grub_printf_fmt_check().

  2. Add the fmt_check argument to enable stricter format verification:
     - the function expects that arguments definitions are always
       terminated by a supported conversion specifier.
     - positional parameters, "$", are not allowed, as they cannot be
       validated correctly with the current implementation. For example
       "%s%1$d" would assign the first args entry twice while leaving the
       second one unchanged.
     - Return an error if preallocated space in args is too small and
       allocation fails for the needed size. The grub_printf_fmt_check()
       should verify all arguments. So, if validation is not possible for
       any reason it should return an error.
     This also adds a case entry to handle "%%", which is the escape
     sequence to print "%" character.

  3. Add the max_args argument to check for the maximum allowed arguments
     count in a printf() string. This should be set to the arguments count
     of the expected format. Then the parse_printf_arg_fmt() function will
     return an error if the arguments count is exceeded.

The two additional arguments allow us to use parse_printf_arg_fmt() in
printf() and grub_printf_fmt_check() calls.

When parse_printf_arg_fmt() is used by grub_printf_fmt_check() the
function parse user provided untrusted format string too. So, in
that case it is better to be too strict than too lenient.

Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2021-03-02 15:54:20 +01:00
..
boot A workaround for clang problem assembling startup_raw.S 2019-04-08 15:22:10 +10:00
bus usb: Avoid possible out-of-bound accesses caused by malicious devices 2021-03-02 15:54:15 +01:00
commands commands/menuentry: Fix quoting in setparams_prefix() 2021-03-02 15:54:17 +01:00
disk disk/lvm: Do not allow a LV to be it's own segment's node's LV 2021-03-02 15:54:19 +01:00
efiemu calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
font font: Do not load more than one NAME section 2020-07-29 16:55:48 +02:00
fs fs/btrfs: Squash some uninitialized reads 2021-03-02 15:54:19 +01:00
gdb gdb: Restrict GDB access when locked down 2021-03-02 15:54:15 +01:00
gettext verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
gfxmenu gfxmenu/gui_list: Remove code that coverity is flagging as dead 2021-03-02 15:54:17 +01:00
hello * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
hook * grub-core/hook/datehook.c (grub_read_hook_datetime): Small stylistic 2011-11-11 21:03:49 +01:00
io io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails 2021-03-02 15:54:18 +01:00
kern kern/misc: Add function to check printf() format against expected format 2021-03-02 15:54:20 +01:00
lib lib/arg: Block repeated short options that require an argument 2021-03-02 15:54:17 +01:00
loader loader/xnu: Check if pointer is NULL before using it 2021-03-02 15:54:17 +01:00
mmap mmap: Fix memory leak when iterating over mapped memory 2021-03-02 15:54:15 +01:00
net net/tftp: Fix dangling memory pointer 2021-03-02 15:54:16 +01:00
normal normal/completion: Fix leaking of memory when processing a completion 2021-03-02 15:54:17 +01:00
osdep disk: Rename grub_disk_get_size() to grub_disk_native_sectors() 2020-12-12 01:19:03 +01:00
partmap mbr: Warn if MBR gap is small and user uses advanced modules 2020-12-12 01:19:03 +01:00
parttool * grub-core/net/http.c: Add TRANSLATORS comments. 2012-03-05 16:42:26 +01:00
script script/execute: Don't crash on a "for" loop with no items 2021-03-02 15:54:17 +01:00
term term/gfxterm: Don't set up a font with glyphs that are too big 2021-03-02 15:54:18 +01:00
tests calloc: Use calloc() at most places 2020-07-29 16:55:47 +02:00
video video/readers/jpeg: Don't decode data before start of stream 2021-03-02 15:54:18 +01:00
gdb_grub.in * grub-core/gdb_grub.in: Fix overflow and wrong field. 2013-10-14 03:40:20 +02:00
genemuinit.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genemuinitheader.sh use MODULE_FILES for genemuinit* instead of MOD_FILES 2014-01-18 23:15:40 +04:00
genmod.sh.in .mod files: Strip annobin annotations and .eh_frame, and their relocations 2018-03-05 14:08:22 +01:00
genmoddep.awk enforcing fixup 2017-08-14 16:27:10 +02:00
gensyminfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00
gensymlist.sh Make 'make check' work on emu. 2013-04-27 02:00:16 +02:00
gentrigtables.c * grub-core/gentrigtables.c: Make tables const. 2013-03-01 11:15:09 +01:00
gmodule.pl.in * grub-core/gmodule.pl.in: Accept newer binutils which output 2014-09-21 18:23:23 +02:00
Makefile.am kern/efi: Add initial stack protector implementation 2021-03-02 15:54:19 +01:00
Makefile.core.def kern/buffer: Add variable sized heap buffer 2021-03-02 15:54:19 +01:00
modinfo.sh.in Fix shebang for termux. 2017-05-03 12:49:31 +02:00