diff options
author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2019-09-18 11:35:35 +0000 |
---|---|---|
committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2019-09-18 11:35:35 +0000 |
commit | 8878c06c649d6723f737eb0471198810e7840fbc (patch) | |
tree | 0767f12be80efe36cf0e106399281f8ed79b9a5d | |
parent | 8f77bed5b9e3f96e1fcf344bef8e85a338e9da6b (diff) | |
parent | cf691b2b138fb3e0396a16406094b82ec555610e (diff) | |
download | illumos-joyent-8878c06c649d6723f737eb0471198810e7840fbc.tar.gz |
[illumos-gate merge]
commit cf691b2b138fb3e0396a16406094b82ec555610e
11587 loader.efi: comparison is always true due to limited range of data type
commit e141bae1eadd4373d692c722ab88dff7d998a3b8
11696 loader: scan_buffer can leave empty string on stack
commit e982f11fb2fc266a3d04a69ea3edcf51f44b1e0f
11694 os-tests: secflags_limits.sh has a typo "devlnull"
-rw-r--r-- | usr/src/boot/Makefile.version | 2 | ||||
-rw-r--r-- | usr/src/boot/sys/boot/efi/loader/copy.c | 34 | ||||
-rw-r--r-- | usr/src/boot/sys/boot/forth/support.4th | 2 | ||||
-rw-r--r-- | usr/src/test/os-tests/tests/secflags/secflags_limits.sh | 4 |
4 files changed, 28 insertions, 14 deletions
diff --git a/usr/src/boot/Makefile.version b/usr/src/boot/Makefile.version index bb38843679..bda3f08ec7 100644 --- a/usr/src/boot/Makefile.version +++ b/usr/src/boot/Makefile.version @@ -33,4 +33,4 @@ LOADER_VERSION = 1.1 # Use date like formatting here, YYYY.MM.DD.XX, without leading zeroes. # The version is processed from left to right, the version number can only # be increased. -BOOT_VERSION = $(LOADER_VERSION)-2019.09.09.1 +BOOT_VERSION = $(LOADER_VERSION)-2019.09.10.1 diff --git a/usr/src/boot/sys/boot/efi/loader/copy.c b/usr/src/boot/sys/boot/efi/loader/copy.c index 93923500b2..0dd8e8a5cc 100644 --- a/usr/src/boot/sys/boot/efi/loader/copy.c +++ b/usr/src/boot/sys/boot/efi/loader/copy.c @@ -36,7 +36,6 @@ #include <efi.h> #include <efilib.h> -#include <assert.h> #include "loader_efi.h" @@ -48,7 +47,7 @@ addr_verify(multiboot_tag_module_t *module, vm_offset_t addr, size_t size) { vm_offset_t start, end; - for (;module->mb_type == MULTIBOOT_TAG_TYPE_MODULE; + for (; module->mb_type == MULTIBOOT_TAG_TYPE_MODULE; module = (multiboot_tag_module_t *) roundup((uintptr_t)module + module->mb_size, MULTIBOOT_TAG_ALIGN)) { @@ -154,7 +153,7 @@ efi_physaddr(multiboot_tag_module_t *module, vm_offset_t addr, * about the order of the allocated blocks. */ vm_offset_t -efi_loadaddr(u_int type, void *data, vm_offset_t addr) +efi_loadaddr(uint_t type, void *data, vm_offset_t addr) { EFI_PHYSICAL_ADDRESS paddr; struct stat st; @@ -177,7 +176,7 @@ efi_loadaddr(u_int type, void *data, vm_offset_t addr) pages = EFI_SIZE_TO_PAGES(size); /* 4GB upper limit */ - paddr = 0x0000000100000000; + paddr = UINT32_MAX; status = BS->AllocatePages(AllocateMaxAddress, EfiLoaderData, pages, &paddr); @@ -206,24 +205,37 @@ efi_translate(vm_offset_t ptr) ssize_t efi_copyin(const void *src, vm_offset_t dest, const size_t len) { - assert(dest < 0x100000000); - bcopy(src, (void *)(uintptr_t)dest, len); - return (len); + if (dest + len >= dest && (uint64_t)dest + len <= UINT32_MAX) { + bcopy(src, (void *)(uintptr_t)dest, len); + return (len); + } else { + errno = EFBIG; + return (-1); + } } ssize_t efi_copyout(const vm_offset_t src, void *dest, const size_t len) { - assert(src < 0x100000000); - bcopy((void *)(uintptr_t)src, dest, len); - return (len); + if (src + len >= src && (uint64_t)src + len <= UINT32_MAX) { + bcopy((void *)(uintptr_t)src, dest, len); + return (len); + } else { + errno = EFBIG; + return (-1); + } } ssize_t efi_readin(const int fd, vm_offset_t dest, const size_t len) { - return (read(fd, (void *)dest, len)); + if (dest + len >= dest && (uint64_t)dest + len <= UINT32_MAX) { + return (read(fd, (void *)dest, len)); + } else { + errno = EFBIG; + return (-1); + } } /* diff --git a/usr/src/boot/sys/boot/forth/support.4th b/usr/src/boot/sys/boot/forth/support.4th index 8ea4d3812c..777632095b 100644 --- a/usr/src/boot/sys/boot/forth/support.4th +++ b/usr/src/boot/sys/boot/forth/support.4th @@ -418,6 +418,7 @@ variable fd ; : line_buffer_resize ( len -- len ) + dup 0= if exit then >r line_buffer .len @ if line_buffer .addr @ @@ -431,6 +432,7 @@ variable fd ; : append_to_line_buffer ( addr len -- ) + dup 0= if 2drop exit then line_buffer strget 2swap strcat line_buffer .len ! diff --git a/usr/src/test/os-tests/tests/secflags/secflags_limits.sh b/usr/src/test/os-tests/tests/secflags/secflags_limits.sh index 0affafe08d..2c180fe276 100644 --- a/usr/src/test/os-tests/tests/secflags/secflags_limits.sh +++ b/usr/src/test/os-tests/tests/secflags/secflags_limits.sh @@ -27,7 +27,7 @@ cleanup() { trap cleanup EXIT # Check that lower implies setting of inheritable -echo "Setting lower also adds to inheritable" +echo "Setting lower also adds to inheritable" /usr/bin/psecflags -s L=aslr $$ cat > expected <<EOF @@ -45,7 +45,7 @@ echo "Setting in lower cannot be removed" echo "Setting in lower cannot be removed from upper" -/usr/bin/psecflags -s U=current,-aslr $$ 2>/devlnull && exit 1 +/usr/bin/psecflags -s U=current,-aslr $$ 2>/dev/null && exit 1 /usr/bin/psecflags -s U=current,-noexecstack $$ |