Date:      Fri, 21 May 2021 01:00:35 GMT
From:      Colin Percival <cperciva@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 3099792c874d - stable/13 - MFC fixes to hostuuid handling
Message-ID:  <202105210100.14L10ZCe000632@gitrepo.freebsd.org>

The branch stable/13 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=3099792c874dee0645672c7609d3db1373d9e5a4

commit 3099792c874dee0645672c7609d3db1373d9e5a4
Author:     Colin Percival <cperciva@FreeBSD.org>
AuthorDate: 2021-05-15 05:57:38 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2021-05-21 00:57:15 +0000

    MFC fixes to hostuuid handling
    
    330f110b:
    Fix 'hostuuid: preload data malformed' warning
    
    If the preloaded hostuuid value is invalid and verbose booting is
    enabled, a warning is printed.  This printf had two bugs:
    
    1. It was missing a trailing \n character.
    2. The malformed UUID is printed with %s even though it is not known
    to be NUL-terminated.
    
    This commit adds the missing \n and uses %.*s with the (already known)
    length of the preloaded UUID to ensure that we don't read past the end
    of the buffer.
    
    Reported by:    kevans
    Fixes:          c3188289 Preload hostuuid for early-boot use
    
    b6be9566:
    Fix buffer overflow in preloaded hostuuid cleaning
    
    When a module of type "hostuuid" is provided by the loader,
    prison0_init strips any trailing whitespace and ASCII control
    characters by (a) adjusting the buffer length, and (b) zeroing out
    the characters in question, before storing it as the system's
    hostuuid.
    
    The buffer length adjustment was correct, but the zeroing overwrote
    one byte higher in memory than intended -- in the typical case,
    zeroing one byte past the end of the hostuuid buffer.  Due to the
    layout of buffers passed by the boot loader to the kernel, this will
    be the first byte of a subsequent buffer.
    
    This was *probably* harmless; prison0_init runs after preloaded kernel
    modules have been linked and after the preloaded /boot/entropy cache
    has been processed, so in both cases having the first byte overwritten
    will not cause problems.  We cannot however rule out the possibility
    that other objects which are preloaded by the loader could suffer from
    having the first byte overwritten.
    
    Since the zeroing does not in fact serve any purpose, remove it and
    trim trailing whitespace and ASCII control characters by adjusting
    the buffer length alone.
    
    Fixes:          c3188289 Preload hostuuid for early-boot use
    Reviewed by:    kevans, markj
    
    (cherry picked from commit 330f110bf1e420dc8d8ddadc4030e0ae1f1c52bd)
    (cherry picked from commit b6be9566d236f83ad1a44170a64b9a34e382eafa)
---
 sys/kern/kern_jail.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index b5c8f6ebf9be..303e31490eb1 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -257,14 +257,14 @@ prison0_init(void)
 			 * non-printable characters to be safe.
 			 */
 			while (size > 0 && data[size - 1] <= 0x20) {
-				data[size--] = '\0';
+				size--;
 			}
 			if (validate_uuid(data, size, NULL, 0) == 0) {
 				(void)strlcpy(prison0.pr_hostuuid, data,
 				    size + 1);
 			} else if (bootverbose) {
-				printf("hostuuid: preload data malformed: '%s'",
-				    data);
+				printf("hostuuid: preload data malformed: '%.*s'\n",
+				    (int)size, data);
 			}
 		}
 	}
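
Review bot: In the success branch, `strlcpy(prison0.pr_hostuuid, data, size + 1)` still treats `data` as a C string: strlcpy() returns the length of the source, so it keeps reading `data` past `size` until it finds a NUL, and the commit message states that the preloaded value is not known to be NUL-terminated. With the zeroing removed, nothing in this hunk guarantees a terminator at or near the end of the buffer, so this is the same kind of over-read that the printf change addresses with `%.*s`. Consider copying exactly `size` bytes and terminating the destination explicitly, for example `memcpy(prison0.pr_hostuuid, data, size);` followed by `prison0.pr_hostuuid[size] = '\0';`. Separately, the copy bound `size + 1` is derived from the source length rather than from `sizeof(prison0.pr_hostuuid)`, so it depends on validate_uuid() rejecting any length that would not fit; a short comment or an assertion stating that assumption would make the call easier to audit.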


