Strings read from devices may sometimes fail to be
NULL-terminated. The functions in lib/string.c are subject to
failure in this case. Protect against observed failures in
set_gpt_info() by switching to length-checking variants with a length
limit of the maximum possible partition table length. At the same
time, add a few checks for NULL string pointers.
Here is an example as observed in sandbox under GDB:
=> gpt verify host 0 $partitions
Program received signal SIGSEGV, Segmentation fault.
0x0000000000477747 in strlen (s=0x0) at lib/string.c:267
267 for (sc = s; *sc != '\0'; ++sc)
(gdb) bt
#0 0x0000000000477747 in strlen (s=0x0) at lib/string.c:267
#1 0x00000000004140b2 in set_gpt_info (str_part=<optimized out>,
str_disk_guid=str_disk_guid@entry=0x7fffffffdbe8, partitions=partitions@entry=0x7fffffffdbd8,
parts_count=parts_count@entry=0x7fffffffdbcf "", dev_desc=<optimized out>) at cmd/gpt.c:415
#2 0x00000000004145b9 in gpt_verify (str_part=<optimized out>, blk_dev_desc=0x7fffef09a9d0) at cmd/gpt.c:580
#3 do_gpt (cmdtp=<optimized out>, flag=<optimized out>, argc=<optimized out>, argv=0x7fffef09a8f0)
at cmd/gpt.c:783
#4 0x00000000004295b0 in cmd_call (argv=0x7fffef09a8f0, argc=0x5, flag=<optimized out>,
cmdtp=0x714e20 <_u_boot_list_2_cmd_2_gpt>) at common/command.c:500
#5 cmd_process (flag=<optimized out>, argc=0x5, argv=0x7fffef09a8f0,
repeatable=repeatable@entry=0x726c04 <flag_repeat>, ticks=ticks@entry=0x0) at common/command.c:539
Suggested-by: Lothar Waßmann <LW@karo-electronics.de>
Signed-off-by: Alison Chaiken <alison@peloton-tech.com>
+static int calc_parts_list_len(int numparts)
+{
+ int partlistlen = UUID_STR_LEN + 1 + strlen("uuid_disk=");
+ /* for the comma */
+ partlistlen++;
+
+ /* per-partition additions; numparts starts at 1, so this should be correct */
+ partlistlen += numparts * (strlen("name=,") + PART_NAME_LEN + 1);
+ /* see part.h for definition of struct disk_partition */
+ partlistlen += numparts * (strlen("start=MiB,") + sizeof(lbaint_t) + 1);
+ partlistlen += numparts * (strlen("size=MiB,") + sizeof(lbaint_t) + 1);
+ partlistlen += numparts * (strlen("uuid=;") + UUID_STR_LEN + 1);
+ /* for the terminating null */
+ partlistlen++;
+ debug("Length of partitions_list is %d for %d partitions\n", partlistlen,
+ numparts);
+ return partlistlen;
+}
+
#ifdef CONFIG_CMD_GPT_RENAME
static void del_gpt_info(void)
{
#ifdef CONFIG_CMD_GPT_RENAME
static void del_gpt_info(void)
{
-static int calc_parts_list_len(int numparts)
-{
- int partlistlen = UUID_STR_LEN + 1 + strlen("uuid_disk=");
- /* for the comma */
- partlistlen++;
-
- /* per-partition additions; numparts starts at 1, so this should be correct */
- partlistlen += numparts * (strlen("name=,") + PART_NAME_LEN + 1);
- /* see part.h for definition of struct disk_partition */
- partlistlen += numparts * (strlen("start=MiB,") + sizeof(lbaint_t) + 1);
- partlistlen += numparts * (strlen("size=MiB,") + sizeof(lbaint_t) + 1);
- partlistlen += numparts * (strlen("uuid=;") + UUID_STR_LEN + 1);
- /* for the terminating null */
- partlistlen++;
- debug("Length of partitions_list is %d for %d partitions\n", partlistlen,
- numparts);
- return partlistlen;
-}
-
/*
* create the string that upstream 'gpt write' command will accept as an
* argument
/*
* create the string that upstream 'gpt write' command will accept as an
* argument
int errno = 0;
uint64_t size_ll, start_ll;
lbaint_t offset = 0;
int errno = 0;
uint64_t size_ll, start_ll;
lbaint_t offset = 0;
+ int max_str_part = calc_parts_list_len(MAX_SEARCH_PARTITIONS);
debug("%s: lba num: 0x%x %d\n", __func__,
(unsigned int)dev_desc->lba, (unsigned int)dev_desc->lba);
debug("%s: lba num: 0x%x %d\n", __func__,
(unsigned int)dev_desc->lba, (unsigned int)dev_desc->lba);
if (!val) {
#ifdef CONFIG_RANDOM_UUID
*str_disk_guid = malloc(UUID_STR_LEN + 1);
if (!val) {
#ifdef CONFIG_RANDOM_UUID
*str_disk_guid = malloc(UUID_STR_LEN + 1);
+ if (str_disk_guid == NULL)
+ return -ENOMEM;
gen_rand_uuid_str(*str_disk_guid, UUID_STR_FORMAT_STD);
#else
free(str);
gen_rand_uuid_str(*str_disk_guid, UUID_STR_FORMAT_STD);
#else
free(str);
/* Move s to first partition */
strsep(&s, ";");
}
/* Move s to first partition */
strsep(&s, ";");
}
+ if (s == NULL) {
+ printf("Error: is the partitions string NULL-terminated?\n");
+ return -EINVAL;
+ }
+ if (strnlen(s, max_str_part) == 0)
+ i = strnlen(s, max_str_part) - 1;
if (s[i] == ';')
s[i] = '\0';
if (s[i] == ';')
s[i] = '\0';
/* allocate memory for partitions */
parts = calloc(sizeof(disk_partition_t), p_count);
/* allocate memory for partitions */
parts = calloc(sizeof(disk_partition_t), p_count);
+ if (parts == NULL)
+ return -ENOMEM;
/* retrieve partitions data from string */
for (i = 0; i < p_count; i++) {
/* retrieve partitions data from string */
for (i = 0; i < p_count; i++) {
} else {
if (extract_env(val, &p))
p = val;
} else {
if (extract_env(val, &p))
p = val;
- if (strlen(p) >= sizeof(parts[i].uuid)) {
+ if (strnlen(p, max_str_part) >= sizeof(parts[i].uuid)) {
printf("Wrong uuid format for partition %d\n", i);
errno = -4;
goto err;
}
printf("Wrong uuid format for partition %d\n", i);
errno = -4;
goto err;
}
- strcpy((char *)parts[i].uuid, p);
+ strncpy((char *)parts[i].uuid, p, max_str_part);
free(val);
}
#ifdef CONFIG_PARTITION_TYPE_GUID
free(val);
}
#ifdef CONFIG_PARTITION_TYPE_GUID
/* 'type' is optional */
if (extract_env(val, &p))
p = val;
/* 'type' is optional */
if (extract_env(val, &p))
p = val;
- if (strlen(p) >= sizeof(parts[i].type_guid)) {
+ if (strnlen(p, max_str_part) >= sizeof(parts[i].type_guid)) {
printf("Wrong type guid format for partition %d\n",
i);
errno = -4;
goto err;
}
printf("Wrong type guid format for partition %d\n",
i);
errno = -4;
goto err;
}
- strcpy((char *)parts[i].type_guid, p);
+ strncpy((char *)parts[i].type_guid, p, max_str_part);
}
if (extract_env(val, &p))
p = val;
}
if (extract_env(val, &p))
p = val;
- if (strlen(p) >= sizeof(parts[i].name)) {
+ if (strnlen(p, max_str_part) >= sizeof(parts[i].name)) {
- strcpy((char *)parts[i].name, p);
+ strncpy((char *)parts[i].name, p, max_str_part);
projects / platform / kernel / u-boot.git / commitdiff