Hello Suzuki,
Conflicts occur when I tried to apply the patch to latest kexec-tools by
using git am.
Applying: kexec/powerpc: Handle buffer overflow in kernel command line
/data/kexec-tools/.git/rebase-apply/patch:79: trailing whitespace.
error: patch failed: kexec/arch/ppc/kexec-elf-ppc.c:156
error: kexec/arch/ppc/kexec-elf-ppc.c: patch does not apply
error: patch failed: kexec/arch/ppc/kexec-uImage-ppc.c:81
error: kexec/arch/ppc/kexec-uImage-ppc.c: patch does not apply
Patch failed at 0001 kexec/powerpc: Handle buffer overflow in kernel command
line
When you have resolved this problem run "git am --resolved".
If you would prefer to skip this patch, instead run "git am --skip".
To restore the original branch and stop patching run "git am --abort".
Thanks
Zhang
于 2013年04月02日 16:03, Suzuki K. Poulose 写道:
> From: Suzuki K. Poulose <[email protected]>
>
> Enforce size check for kernel command line to make sure it
> doesn't overflow COMMAND_LINE_SIZE.
>
> Reported-by: Nathan D. Miller <[email protected]>
> Signed-off-by: Suzuki K. Poulose <[email protected]>
> ---
> kexec/arch/ppc/kexec-elf-ppc.c | 41
> ++++++++++++++++++-------------------
> kexec/arch/ppc/kexec-uImage-ppc.c | 31 ++++++++++++++--------------
> 2 files changed, 35 insertions(+), 37 deletions(-)
>
> diff --git a/kexec/arch/ppc/kexec-elf-ppc.c b/kexec/arch/ppc/kexec-elf-ppc.c
> index 5f63a64..7ba8421 100644
> --- a/kexec/arch/ppc/kexec-elf-ppc.c
> +++ b/kexec/arch/ppc/kexec-elf-ppc.c
> @@ -156,7 +156,7 @@ int elf_ppc_load(int argc, char **argv, const char
> *buf, off_t len,
> {
> struct mem_ehdr ehdr;
> char *command_line, *crash_cmdline, *cmdline_buf;
> - int command_line_len;
> + int command_line_len, crash_cmdline_len;
> char *dtb;
> int result;
> unsigned long max_addr, hole_addr;
> @@ -233,27 +233,15 @@ int elf_ppc_load(int argc, char **argv, const char
> *buf, off_t len,
> }
>
> command_line_len = 0;
> - if (command_line) {
> - command_line_len = strlen(command_line) + 1;
> - } else {
> + if (!command_line)
> command_line = get_command_line();
> - command_line_len = strlen(command_line) + 1;
> - }
> + command_line_len = strlen(command_line);
>
> if (ramdisk && reuse_initrd)
> die("Can't specify --ramdisk or --initrd with --reuseinitrd\n");
>
> fixup_nodes[cur_fixup] = NULL;
>
> - /* Need to append some command line parameters internally in case of
> - * taking crash dumps.
> - */
> - if (info->kexec_flags & KEXEC_ON_CRASH) {
> - crash_cmdline = xmalloc(COMMAND_LINE_SIZE);
> - memset((void *)crash_cmdline, 0, COMMAND_LINE_SIZE);
> - } else
> - crash_cmdline = NULL;
> -
> /* Parse the Elf file */
> result = build_elf_exec_info(buf, len, &ehdr, 0);
> if (result < 0) {
> @@ -291,26 +279,37 @@ int elf_ppc_load(int argc, char **argv, const char
> *buf, off_t len,
> return result;
> }
>
> - /* If panic kernel is being loaded, additional segments need
> - * to be created.
> + /*
> + * Need to append some command line parameters internally in case of
> + * taking crash dumps. Additional segments have to be loaded for panic
> + * kernel.
> */
> if (info->kexec_flags & KEXEC_ON_CRASH) {
> + crash_cmdline = xmalloc(COMMAND_LINE_SIZE);
> + memset((void *)crash_cmdline, 0, COMMAND_LINE_SIZE);
> result = load_crashdump_segments(info, crash_cmdline,
> max_addr, 0);
> if (result < 0) {
> free(crash_cmdline);
> return -1;
> }
> + crash_cmdline_len = strlen(crash_cmdline);
> + } else {
> + crash_cmdline = NULL;
> + crash_cmdline_len = 0;
> }
>
> + if (crash_cmdline_len + command_line_len + 1 > COMMAND_LINE_SIZE) {
> + printf ("Command line buffer overflow\n");
> + return -1;
> + }
> +
> cmdline_buf = xmalloc(COMMAND_LINE_SIZE);
> memset((void *)cmdline_buf, 0, COMMAND_LINE_SIZE);
> if (command_line)
> - strncat(cmdline_buf, command_line, command_line_len);
> + strcpy(cmdline_buf, command_line);
> if (crash_cmdline)
> - strncat(cmdline_buf, crash_cmdline,
> - sizeof(crash_cmdline) -
> - strlen(crash_cmdline) - 1);
> + strncat(cmdline_buf, crash_cmdline, crash_cmdline_len);
>
> /*
> * In case of a toy we take the hardcoded things and an easy setup via
> diff --git a/kexec/arch/ppc/kexec-uImage-ppc.c
> b/kexec/arch/ppc/kexec-uImage-ppc.c
> index 900cd16..0c96bac 100644
> --- a/kexec/arch/ppc/kexec-uImage-ppc.c
> +++ b/kexec/arch/ppc/kexec-uImage-ppc.c
> @@ -81,7 +81,7 @@ static int ppc_load_bare_bits(int argc, char **argv, const
> char *buf,
> unsigned int ep)
> {
> char *command_line, *cmdline_buf, *crash_cmdline;
> - int command_line_len;
> + int command_line_len, crash_cmdline_len;
> char *dtb;
> unsigned int addr;
> unsigned long dtb_addr;
> @@ -140,13 +140,10 @@ static int ppc_load_bare_bits(int argc, char **argv,
> const char *buf,
> die("Can't specify --ramdisk or --initrd with --reuseinitrd\n");
>
> command_line_len = 0;
> - if (command_line) {
> - command_line_len = strlen(command_line) + 1;
> - } else {
> + if (!command_line)
> command_line = get_command_line();
> - command_line_len = strlen(command_line) + 1;
> - }
>
> + command_line_len = strlen(command_line);
> fixup_nodes[cur_fixup] = NULL;
>
> /*
> @@ -179,25 +176,27 @@ static int ppc_load_bare_bits(int argc, char **argv,
> const char *buf,
> if (info->kexec_flags & KEXEC_ON_CRASH) {
> crash_cmdline = xmalloc(COMMAND_LINE_SIZE);
> memset((void *)crash_cmdline, 0, COMMAND_LINE_SIZE);
> - } else
> - crash_cmdline = NULL;
> -
> - if (info->kexec_flags & KEXEC_ON_CRASH) {
> ret = load_crashdump_segments(info, crash_cmdline,
> max_addr, 0);
> - if (ret < 0) {
> + if (ret < 0)
> return -1;
> - }
> + crash_cmdline_len = strlen(crash_cmdline);
> + } else {
> + crash_cmdline = NULL;
> + crash_cmdline_len = 0;
> + }
> +
> + if (command_line_len + crash_cmdline_len + 1 > COMMAND_LINE_SIZE) {
> + printf("Command line buffer overflow \n");
> + return -1;
> }
>
> cmdline_buf = xmalloc(COMMAND_LINE_SIZE);
> memset((void *)cmdline_buf, 0, COMMAND_LINE_SIZE);
> if (command_line)
> - strncat(cmdline_buf, command_line, command_line_len);
> + strcpy(cmdline_buf, command_line);
> if (crash_cmdline)
> - strncat(cmdline_buf, crash_cmdline,
> - sizeof(crash_cmdline) -
> - strlen(crash_cmdline) - 1);
> + strncat(cmdline_buf, crash_cmdline, crash_cmdline_len);
>
> elf_rel_build_load(info, &info->rhdr, (const char *)purgatory,
> purgatory_size, 0, -1, -1, 0);
>
>
> _______________________________________________
> kexec mailing list
> [email protected]
> http://lists.infradead.org/mailman/listinfo/kexec
_______________________________________________
kexec mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/kexec
