Re: [SECURITY PATCH 114/117] kern/misc: Add function to check printf() f

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SECURITY PATCH 114/117] kern/misc: Add function to check printf() f

From:	Colin Watson
Subject:	Re: [SECURITY PATCH 114/117] kern/misc: Add function to check printf() format against expected format
Date:	Thu, 18 Mar 2021 01:30:22 +0000
User-agent:	Mutt/1.10.1 (2018-07-13)

On Tue, Mar 02, 2021 at 07:02:01PM +0100, Daniel Kiper wrote:
> @@ -1121,6 +1159,42 @@ grub_xasprintf (const char *fmt, ...)
>    return ret;
>  }
>  
> +grub_err_t
> +grub_printf_fmt_check (const char *fmt, const char *fmt_expected)
> +{
> +  struct printf_args args_expected, args_fmt;
> +  grub_err_t ret;
> +  grub_size_t n;
> +
> +  if (fmt == NULL || fmt_expected == NULL)
> +    return grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid format");
> +
> +  ret = parse_printf_arg_fmt (fmt_expected, &args_expected, 1, 
> GRUB_SIZE_MAX);
> +  if (ret != GRUB_ERR_NONE)
> +    return ret;
> +
> +  /* Limit parsing to the number of expected arguments. */
> +  ret = parse_printf_arg_fmt (fmt, &args_fmt, 1, args_expected.count);
> +  if (ret != GRUB_ERR_NONE)
> +    {
> +      free_printf_args (&args_expected);
> +      return ret;
> +    }
> +
> +  for (n = 0; n < args_fmt.count; n++)
> +    if (args_fmt.ptr[n].type != args_expected.ptr[n].type)
> +     {
> +     ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "arguments types do not 
> match");
> +     break;
> +     }
> +
> +  free_printf_args (&args_expected);
> +  free_printf_args (&args_fmt);
> +
> +  return ret;
> +}
> +
> +
>  /* Abort GRUB. This function does not return.  */
>  static void __attribute__ ((noreturn))
>  grub_abort (void)

This function is only used by gfxmenu.  Could it please be moved out of
the kernel and into a module, perhaps just gfxmenu itself?

As shown in the report from the other mail I just sent to this thread,
this patch costs an additional 273 bytes on i386-pc, where core image
size is at an extreme premium on some systems with limited space between
the MBR and the first partition; a plausible RAID setup used by some
Debian users is currently 316 bytes over the limit, so reclaiming this
space would be valuable.

Reclaiming all of those 273 bytes would probably involve duplicating
parse_printf_arg_fmt rather than having the fmt_check and max_args
arguments there, but I'm sure that even just moving the top-level
format-checking function would help.

Thanks,

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

[Prev in Thread]

Current Thread

[Next in Thread]

[SECURITY PATCH 100/117] kern/parser: Fix a stack buffer overflow, (continued)
- [SECURITY PATCH 100/117] kern/parser: Fix a stack buffer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 103/117] util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 105/117] util/mkimage: Unify more of the PE32 and PE32+ header set-up, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 101/117] kern/efi: Add initial stack protector implementation, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 109/117] util/mkimage: Add an option to import SBAT metadata into a .sbat section, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 115/117] gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 104/117] util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 112/117] kern/misc: Split parse_printf_args() into format parsing and va_list handling, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 106/117] util/mkimage: Reorder PE optional header fields set-up, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 114/117] kern/misc: Add function to check printf() format against expected format, Daniel Kiper, 2021/03/02
  - Re: [SECURITY PATCH 114/117] kern/misc: Add function to check printf() format against expected format, Colin Watson <=
- [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/02
  - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/02
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Lennart Sorensen, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Didier Spaier, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, Daniel Kiper, 2021/03/03
    - Re: [SECURITY PATCH 116/117] templates: Disable the os-prober by default, John Paul Adrian Glaubitz, 2021/03/03
- [SECURITY PATCH 117/117] kern/mm: Fix grub_debug_calloc() compilation error, Daniel Kiper, 2021/03/02

Prev by Date: Re: [SECURITY PATCH 001/117] verifiers: Move verifiers API to kernel image
Next by Date: Re: [SECURITY PATCH 001/117] verifiers: Move verifiers API to kernel image
Previous by thread: [SECURITY PATCH 114/117] kern/misc: Add function to check printf() format against expected format
Next by thread: [SECURITY PATCH 116/117] templates: Disable the os-prober by default
Index(es):
- Date
- Thread