summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJerry Jelinek <jerry.jelinek@joyent.com>2019-09-18 11:35:35 +0000
committerJerry Jelinek <jerry.jelinek@joyent.com>2019-09-18 11:35:35 +0000
commit8878c06c649d6723f737eb0471198810e7840fbc (patch)
tree0767f12be80efe36cf0e106399281f8ed79b9a5d
parent8f77bed5b9e3f96e1fcf344bef8e85a338e9da6b (diff)
parentcf691b2b138fb3e0396a16406094b82ec555610e (diff)
downloadillumos-joyent-8878c06c649d6723f737eb0471198810e7840fbc.tar.gz
[illumos-gate merge]
commit cf691b2b138fb3e0396a16406094b82ec555610e 11587 loader.efi: comparison is always true due to limited range of data type commit e141bae1eadd4373d692c722ab88dff7d998a3b8 11696 loader: scan_buffer can leave empty string on stack commit e982f11fb2fc266a3d04a69ea3edcf51f44b1e0f 11694 os-tests: secflags_limits.sh has a typo "devlnull"
-rw-r--r--usr/src/boot/Makefile.version2
-rw-r--r--usr/src/boot/sys/boot/efi/loader/copy.c34
-rw-r--r--usr/src/boot/sys/boot/forth/support.4th2
-rw-r--r--usr/src/test/os-tests/tests/secflags/secflags_limits.sh4
4 files changed, 28 insertions, 14 deletions
diff --git a/usr/src/boot/Makefile.version b/usr/src/boot/Makefile.version
index bb38843679..bda3f08ec7 100644
--- a/usr/src/boot/Makefile.version
+++ b/usr/src/boot/Makefile.version
@@ -33,4 +33,4 @@ LOADER_VERSION = 1.1
# Use date like formatting here, YYYY.MM.DD.XX, without leading zeroes.
# The version is processed from left to right, the version number can only
# be increased.
-BOOT_VERSION = $(LOADER_VERSION)-2019.09.09.1
+BOOT_VERSION = $(LOADER_VERSION)-2019.09.10.1
diff --git a/usr/src/boot/sys/boot/efi/loader/copy.c b/usr/src/boot/sys/boot/efi/loader/copy.c
index 93923500b2..0dd8e8a5cc 100644
--- a/usr/src/boot/sys/boot/efi/loader/copy.c
+++ b/usr/src/boot/sys/boot/efi/loader/copy.c
@@ -36,7 +36,6 @@
#include <efi.h>
#include <efilib.h>
-#include <assert.h>
#include "loader_efi.h"
@@ -48,7 +47,7 @@ addr_verify(multiboot_tag_module_t *module, vm_offset_t addr, size_t size)
{
vm_offset_t start, end;
- for (;module->mb_type == MULTIBOOT_TAG_TYPE_MODULE;
+ for (; module->mb_type == MULTIBOOT_TAG_TYPE_MODULE;
module = (multiboot_tag_module_t *)
roundup((uintptr_t)module + module->mb_size, MULTIBOOT_TAG_ALIGN)) {
@@ -154,7 +153,7 @@ efi_physaddr(multiboot_tag_module_t *module, vm_offset_t addr,
* about the order of the allocated blocks.
*/
vm_offset_t
-efi_loadaddr(u_int type, void *data, vm_offset_t addr)
+efi_loadaddr(uint_t type, void *data, vm_offset_t addr)
{
EFI_PHYSICAL_ADDRESS paddr;
struct stat st;
@@ -177,7 +176,7 @@ efi_loadaddr(u_int type, void *data, vm_offset_t addr)
pages = EFI_SIZE_TO_PAGES(size);
/* 4GB upper limit */
- paddr = 0x0000000100000000;
+ paddr = UINT32_MAX;
status = BS->AllocatePages(AllocateMaxAddress, EfiLoaderData,
pages, &paddr);
@@ -206,24 +205,37 @@ efi_translate(vm_offset_t ptr)
ssize_t
efi_copyin(const void *src, vm_offset_t dest, const size_t len)
{
- assert(dest < 0x100000000);
- bcopy(src, (void *)(uintptr_t)dest, len);
- return (len);
+ if (dest + len >= dest && (uint64_t)dest + len <= UINT32_MAX) {
+ bcopy(src, (void *)(uintptr_t)dest, len);
+ return (len);
+ } else {
+ errno = EFBIG;
+ return (-1);
+ }
}
ssize_t
efi_copyout(const vm_offset_t src, void *dest, const size_t len)
{
- assert(src < 0x100000000);
- bcopy((void *)(uintptr_t)src, dest, len);
- return (len);
+ if (src + len >= src && (uint64_t)src + len <= UINT32_MAX) {
+ bcopy((void *)(uintptr_t)src, dest, len);
+ return (len);
+ } else {
+ errno = EFBIG;
+ return (-1);
+ }
}
ssize_t
efi_readin(const int fd, vm_offset_t dest, const size_t len)
{
- return (read(fd, (void *)dest, len));
+ if (dest + len >= dest && (uint64_t)dest + len <= UINT32_MAX) {
+ return (read(fd, (void *)dest, len));
+ } else {
+ errno = EFBIG;
+ return (-1);
+ }
}
/*
diff --git a/usr/src/boot/sys/boot/forth/support.4th b/usr/src/boot/sys/boot/forth/support.4th
index 8ea4d3812c..777632095b 100644
--- a/usr/src/boot/sys/boot/forth/support.4th
+++ b/usr/src/boot/sys/boot/forth/support.4th
@@ -418,6 +418,7 @@ variable fd
;
: line_buffer_resize ( len -- len )
+ dup 0= if exit then
>r
line_buffer .len @ if
line_buffer .addr @
@@ -431,6 +432,7 @@ variable fd
;
: append_to_line_buffer ( addr len -- )
+ dup 0= if 2drop exit then
line_buffer strget
2swap strcat
line_buffer .len !
diff --git a/usr/src/test/os-tests/tests/secflags/secflags_limits.sh b/usr/src/test/os-tests/tests/secflags/secflags_limits.sh
index 0affafe08d..2c180fe276 100644
--- a/usr/src/test/os-tests/tests/secflags/secflags_limits.sh
+++ b/usr/src/test/os-tests/tests/secflags/secflags_limits.sh
@@ -27,7 +27,7 @@ cleanup() {
trap cleanup EXIT
# Check that lower implies setting of inheritable
-echo "Setting lower also adds to inheritable"
+echo "Setting lower also adds to inheritable"
/usr/bin/psecflags -s L=aslr $$
cat > expected <<EOF
@@ -45,7 +45,7 @@ echo "Setting in lower cannot be removed"
echo "Setting in lower cannot be removed from upper"
-/usr/bin/psecflags -s U=current,-aslr $$ 2>/devlnull && exit 1
+/usr/bin/psecflags -s U=current,-aslr $$ 2>/dev/null && exit 1
/usr/bin/psecflags -s U=current,-noexecstack $$