subject:"\[PATCH v2\] efi_loader\: Fix memory corruption on 32bit systems"

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

2023-07-27 Thread Heinrich Schuchardt




Am 28. Juli 2023 03:51:55 MESZ schrieb Simon Glass :
>Hi,
>
>On Thu, 27 Jul 2023 at 08:36, Dan Carpenter  wrote:
>>
>> On Thu, Jul 27, 2023 at 11:22:15AM +0300, Ilias Apalodimas wrote:
>> > Hi Dan,
>> >
>> > [...]
>> >
>> > > @@ -313,7 +313,7 @@ static int cmp_pe_section(const void *arg1, const 
>> > > void *arg2)
>> > >   *
>> > >   * Return: valid pointer to a image, return NULL if allocation fails.
>> > >   */
>> > > -void *efi_prepare_aligned_image(void *efi, u64 *efi_size)
>> > > +void *efi_prepare_aligned_image(void *efi, size_t *efi_size)
>> > >  {
>> > > size_t new_efi_size;
>> > > void *new_efi;
>> > > @@ -600,7 +600,7 @@ static bool efi_image_authenticate(void *efi, size_t 
>> > > efi_size)
>> > > if (!efi_secure_boot_enabled())
>> > > return true;
>> > >
>> > > -   new_efi = efi_prepare_aligned_image(efi, (u64 *)_size);
>> > > +   new_efi = efi_prepare_aligned_image(efi, _size);
>> > > if (!new_efi)
>> > > return false;
>> > >
>> > > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
>> > > index 49f8a5e77cbf..d57afd0c498b 100644
>> > > --- a/lib/efi_loader/efi_tcg2.c
>> > > +++ b/lib/efi_loader/efi_tcg2.c
>> > > @@ -882,7 +882,7 @@ out:
>> > >   *
>> > >   * Return: status code
>> > >   */
>> > > -static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
>> > > +static efi_status_t tcg2_hash_pe_image(void *efi, size_t efi_size,
>> > >struct tpml_digest_values 
>> > > *digest_list)
>> >
>> > Unfortunately the rabbit hole is a bit deeper with this one.
>> > tcg2_hash_pe_image() is called in
>> > - tcg2_measure_pe_image(). This one is called in efi_load_pe() and the type
>> >   is indeed a size_t there, so that's fine
>> > - efi_tcg2_hash_log_extend_event(), this one is different...
>> > The function is described by the EFI spec [0] which mandates a u64... I
>> > think that was the reason efi_prepare_aligned_image() is using a u64 to
>> > begin with.  This one uses the size only though not the pointer, but in a
>> > 32bit platform it would truncate s size > UINT_MAX.
>> >
>> > [0] 
>> > https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
>>
>> I have maybe misread something...  I don't think this is a real issue.
>> 32bit systems aren't going to be able to allocate that much memory
>> anyway.  Also there are a lot of size_t parameters already so it's not
>> a new issue.
>
>We should really use ulong for addresses and malloc() sizes.

Please, do not abuse long.

According to the C specification the size of long is independent of the size of 
pointers.

Addresses should be pointers and sizes should be size_t.

Best regards

Heinrich

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

2023-07-27 Thread Simon Glass

Hi,

On Thu, 27 Jul 2023 at 08:36, Dan Carpenter  wrote:
>
> On Thu, Jul 27, 2023 at 11:22:15AM +0300, Ilias Apalodimas wrote:
> > Hi Dan,
> >
> > [...]
> >
> > > @@ -313,7 +313,7 @@ static int cmp_pe_section(const void *arg1, const 
> > > void *arg2)
> > >   *
> > >   * Return: valid pointer to a image, return NULL if allocation fails.
> > >   */
> > > -void *efi_prepare_aligned_image(void *efi, u64 *efi_size)
> > > +void *efi_prepare_aligned_image(void *efi, size_t *efi_size)
> > >  {
> > > size_t new_efi_size;
> > > void *new_efi;
> > > @@ -600,7 +600,7 @@ static bool efi_image_authenticate(void *efi, size_t 
> > > efi_size)
> > > if (!efi_secure_boot_enabled())
> > > return true;
> > >
> > > -   new_efi = efi_prepare_aligned_image(efi, (u64 *)_size);
> > > +   new_efi = efi_prepare_aligned_image(efi, _size);
> > > if (!new_efi)
> > > return false;
> > >
> > > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> > > index 49f8a5e77cbf..d57afd0c498b 100644
> > > --- a/lib/efi_loader/efi_tcg2.c
> > > +++ b/lib/efi_loader/efi_tcg2.c
> > > @@ -882,7 +882,7 @@ out:
> > >   *
> > >   * Return: status code
> > >   */
> > > -static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
> > > +static efi_status_t tcg2_hash_pe_image(void *efi, size_t efi_size,
> > >struct tpml_digest_values *digest_list)
> >
> > Unfortunately the rabbit hole is a bit deeper with this one.
> > tcg2_hash_pe_image() is called in
> > - tcg2_measure_pe_image(). This one is called in efi_load_pe() and the type
> >   is indeed a size_t there, so that's fine
> > - efi_tcg2_hash_log_extend_event(), this one is different...
> > The function is described by the EFI spec [0] which mandates a u64... I
> > think that was the reason efi_prepare_aligned_image() is using a u64 to
> > begin with.  This one uses the size only though not the pointer, but in a
> > 32bit platform it would truncate s size > UINT_MAX.
> >
> > [0] 
> > https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
>
> I have maybe misread something...  I don't think this is a real issue.
> 32bit systems aren't going to be able to allocate that much memory
> anyway.  Also there are a lot of size_t parameters already so it's not
> a new issue.

We should really use ulong for addresses and malloc() sizes.

Regards,
Simon

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

2023-07-27 Thread Dan Carpenter

On Thu, Jul 27, 2023 at 11:22:15AM +0300, Ilias Apalodimas wrote:
> Hi Dan, 
> 
> [...]
> 
> > @@ -313,7 +313,7 @@ static int cmp_pe_section(const void *arg1, const void 
> > *arg2)
> >   *
> >   * Return: valid pointer to a image, return NULL if allocation fails.
> >   */
> > -void *efi_prepare_aligned_image(void *efi, u64 *efi_size)
> > +void *efi_prepare_aligned_image(void *efi, size_t *efi_size)
> >  {
> > size_t new_efi_size;
> > void *new_efi;
> > @@ -600,7 +600,7 @@ static bool efi_image_authenticate(void *efi, size_t 
> > efi_size)
> > if (!efi_secure_boot_enabled())
> > return true;
> >  
> > -   new_efi = efi_prepare_aligned_image(efi, (u64 *)_size);
> > +   new_efi = efi_prepare_aligned_image(efi, _size);
> > if (!new_efi)
> > return false;
> >  
> > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> > index 49f8a5e77cbf..d57afd0c498b 100644
> > --- a/lib/efi_loader/efi_tcg2.c
> > +++ b/lib/efi_loader/efi_tcg2.c
> > @@ -882,7 +882,7 @@ out:
> >   *
> >   * Return: status code
> >   */
> > -static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
> > +static efi_status_t tcg2_hash_pe_image(void *efi, size_t efi_size,
> >struct tpml_digest_values *digest_list)
> 
> Unfortunately the rabbit hole is a bit deeper with this one.
> tcg2_hash_pe_image() is called in 
> - tcg2_measure_pe_image(). This one is called in efi_load_pe() and the type
>   is indeed a size_t there, so that's fine
> - efi_tcg2_hash_log_extend_event(), this one is different...
> The function is described by the EFI spec [0] which mandates a u64... I
> think that was the reason efi_prepare_aligned_image() is using a u64 to
> begin with.  This one uses the size only though not the pointer, but in a
> 32bit platform it would truncate s size > UINT_MAX.
> 
> [0] 
> https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf

I have maybe misread something...  I don't think this is a real issue.
32bit systems aren't going to be able to allocate that much memory
anyway.  Also there are a lot of size_t parameters already so it's not
a new issue.

regards,
dan carpenter

[PATCH v2] efi_loader: Fix memory corruption on 32bit systems

2023-07-27 Thread Dan Carpenter

The issue is this line:

new_efi = efi_prepare_aligned_image(efi, (u64 *)_size);

The efi_size variable is type size_t and on a 32 bit system that's 32
bits.  The u64 type is obviously 64 bits.  So we write 8 bytes to a 4
byte buffer which corrupts memory.

Fix this by changing the type of efi_prepare_aligned_image() to a
size_t pointer.

Signed-off-by: Dan Carpenter 
---
v2: Change efi_prepare_aligned_image() instead of changing
efi_image_authenticate().  This is a cleaner way to fix the problem.

 include/efi_loader.h  | 2 +-
 lib/efi_loader/efi_image_loader.c | 4 ++--
 lib/efi_loader/efi_tcg2.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/efi_loader.h b/include/efi_loader.h
index b5fa0fe01ded..9c1a9ed16af6 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -1022,7 +1022,7 @@ bool efi_secure_boot_enabled(void);
 
 bool efi_capsule_auth_enabled(void);
 
-void *efi_prepare_aligned_image(void *efi, u64 *efi_size);
+void *efi_prepare_aligned_image(void *efi, size_t *efi_size);
 
 bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
 WIN_CERTIFICATE **auth, size_t *auth_len);
diff --git a/lib/efi_loader/efi_image_loader.c 
b/lib/efi_loader/efi_image_loader.c
index 26df0da16c93..64980008403b 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -313,7 +313,7 @@ static int cmp_pe_section(const void *arg1, const void 
*arg2)
  *
  * Return: valid pointer to a image, return NULL if allocation fails.
  */
-void *efi_prepare_aligned_image(void *efi, u64 *efi_size)
+void *efi_prepare_aligned_image(void *efi, size_t *efi_size)
 {
size_t new_efi_size;
void *new_efi;
@@ -600,7 +600,7 @@ static bool efi_image_authenticate(void *efi, size_t 
efi_size)
if (!efi_secure_boot_enabled())
return true;
 
-   new_efi = efi_prepare_aligned_image(efi, (u64 *)_size);
+   new_efi = efi_prepare_aligned_image(efi, _size);
if (!new_efi)
return false;
 
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 49f8a5e77cbf..d57afd0c498b 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -882,7 +882,7 @@ out:
  *
  * Return: status code
  */
-static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
+static efi_status_t tcg2_hash_pe_image(void *efi, size_t efi_size,
   struct tpml_digest_values *digest_list)
 {
WIN_CERTIFICATE *wincerts = NULL;
-- 
2.39.2

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

2023-07-27 Thread Ilias Apalodimas

Hi Dan, 

[...]

> @@ -313,7 +313,7 @@ static int cmp_pe_section(const void *arg1, const void 
> *arg2)
>   *
>   * Return:   valid pointer to a image, return NULL if allocation fails.
>   */
> -void *efi_prepare_aligned_image(void *efi, u64 *efi_size)
> +void *efi_prepare_aligned_image(void *efi, size_t *efi_size)
>  {
>   size_t new_efi_size;
>   void *new_efi;
> @@ -600,7 +600,7 @@ static bool efi_image_authenticate(void *efi, size_t 
> efi_size)
>   if (!efi_secure_boot_enabled())
>   return true;
>  
> - new_efi = efi_prepare_aligned_image(efi, (u64 *)_size);
> + new_efi = efi_prepare_aligned_image(efi, _size);
>   if (!new_efi)
>   return false;
>  
> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> index 49f8a5e77cbf..d57afd0c498b 100644
> --- a/lib/efi_loader/efi_tcg2.c
> +++ b/lib/efi_loader/efi_tcg2.c
> @@ -882,7 +882,7 @@ out:
>   *
>   * Return:   status code
>   */
> -static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
> +static efi_status_t tcg2_hash_pe_image(void *efi, size_t efi_size,
>  struct tpml_digest_values *digest_list)

Unfortunately the rabbit hole is a bit deeper with this one.
tcg2_hash_pe_image() is called in 
- tcg2_measure_pe_image(). This one is called in efi_load_pe() and the type
  is indeed a size_t there, so that's fine
- efi_tcg2_hash_log_extend_event(), this one is different...
The function is described by the EFI spec [0] which mandates a u64... I
think that was the reason efi_prepare_aligned_image() is using a u64 to
begin with.  This one uses the size only though not the pointer, but in a
32bit platform it would truncate s size > UINT_MAX.

[0] 
https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf

Regards
/Ilias
>  {
>   WIN_CERTIFICATE *wincerts = NULL;
> -- 
> 2.39.2
>

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

[PATCH v2] efi_loader: Fix memory corruption on 32bit systems

Re: [PATCH v2] efi_loader: Fix memory corruption on 32bit systems

5 matches

Site Navigation

Mail list logo

Footer information