** Description changed:

+ [Impact]
+  * Crash of the zipl boot loader during boot.
+  * due to printf buffer overflow in zipl/libc implementation
+
+ [Test Case]
+  * Use printf to print a string with >81 characters
+    (exact number depends on the stack layout/compiler used).
+
+ [Where problems could occur]
+  * regressions in zipl could break the booting on IBM Z, in certain scenarios
+  * the package is only available on s390x and thus could only affect IBM Z machines
+
+ [Other Info]
+  * Patches provided by IBM
+  * In addition to the 4 commit IDs from the original description, I needed to include part of another upstream commit, to add the "memmove()" function. This was taken from: https://github.com/ibm-s390-tools/s390-tools/commit/e764f460c457ab2a6000acb5f2eb7169866ce192
+
+ === Original Description ===
  Description: zipl/libc: Fix potential buffer overflow in printf

  Symptom: Crash of the zipl boot loader during boot.

  Problem: The zipl boot loaders have their own minimalistic libc
- implementation. In it printf and sprintf use vsprintf for string
- formatting. Per definition vsprintf assumes that the buffer it
- writes to is large enough to contain the formatted string and
- performs no size checks. This is problematic for the boot
- loaders because the buffer they use are often allocated on the
- stack. Thus even small changes to the string format can
- potentially cause buffer overflows on the stack.
+ implementation. In it printf and sprintf use vsprintf for string
+ formatting. Per definition vsprintf assumes that the buffer it
+ writes to is large enough to contain the formatted string and
+ performs no size checks. This is problematic for the boot
+ loaders because the buffer they use are often allocated on the
+ stack. Thus even small changes to the string format can
+ potentially cause buffer overflows on the stack.

  Solution: Implement vsnprintf and make use of it.

  Reproduction: Use printf to print a string with >81 characters (exact number
- depends on the stack layout/compiler used).
+ depends on the stack layout/compiler used).

  Upstream commit(s) for s390-tools:
  6fe9e6c55c69c14971dca55551009f5060418aae
  8874b908254c47c8a6fd7a1aca2c7371c11035c4
  f7430027b41d5ad6220e962a179c2a5213330a44
  36fed0e6c6590631c4ce1707c8fe3c3397bcce4d
-
- Problem was introduced with version 1.24. Therefore these patches need to be applied to all distros in service.
+ Problem was introduced with version 1.24. Therefore these patches need
+ to be applied to all distros in service.
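The description above states the fix in one line: replace the unchecked vsprintf with a vsnprintf that honours the buffer size. The block below is an added illustration of that pattern, written for this page; it is not s390-tools code and does not reproduce zipl's actual implementation. It shows a minimal bounds-checked vsnprintf (format subset %s %d %x %c %% only) of the kind a freestanding libc needs, and a printf-style wrapper that formats into a fixed stack buffer the way the report describes. The 81-byte LINE_BUF is an assumption loosely based on the ">81 characters" in the reproduction note, and writing the line to stdout stands in for the boot loader's console routine.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (not s390-tools code): a bounds-checked vsnprintf for
 * a minimal libc. It never stores beyond `size` bytes, always NUL-terminates
 * when size > 0, and returns the length the full output would need (C99
 * semantics), so a caller can detect truncation instead of overflowing. */

struct out {
    char *dst;    /* destination, may be NULL when size == 0 */
    size_t size;  /* capacity including the terminating NUL */
    size_t pos;   /* characters the full output needs so far */
};

/* Store a character only while a slot for the terminating NUL remains;
 * the counter still advances so the caller learns the true length. */
static void emit(struct out *o, char c)
{
    if (o->pos + 1 < o->size)
        o->dst[o->pos] = c;
    o->pos++;
}

static void emit_str(struct out *o, const char *s)
{
    for (s = s ? s : "(null)"; *s; s++)
        emit(o, *s);
}

static void emit_unsigned(struct out *o, unsigned long v, unsigned base)
{
    char tmp[sizeof(v) * 8];  /* digits, least significant first */
    size_t n = 0;
    do {
        unsigned d = (unsigned)(v % base);
        tmp[n++] = (char)(d < 10 ? '0' + d : 'a' + (d - 10));
    } while ((v /= base) != 0);
    while (n)
        emit(o, tmp[--n]);
}

int mini_vsnprintf(char *dst, size_t size, const char *fmt, va_list ap)
{
    struct out o = { dst, size, 0 };

    for (; *fmt; fmt++) {
        if (*fmt != '%') {
            emit(&o, *fmt);
            continue;
        }
        fmt++;
        switch (*fmt) {
        case 's': emit_str(&o, va_arg(ap, const char *)); break;
        case 'c': emit(&o, (char)va_arg(ap, int)); break;
        case 'd': {
            int v = va_arg(ap, int);
            if (v < 0)
                emit(&o, '-');
            emit_unsigned(&o, v < 0 ? 0UL - (unsigned long)v : (unsigned long)v, 10);
            break;
        }
        case 'x': emit_unsigned(&o, va_arg(ap, unsigned), 16); break;
        case '%': emit(&o, '%'); break;
        case '\0': fmt--; break;  /* lone '%' at the end: do not read past it */
        default: emit(&o, '%'); emit(&o, *fmt); break;  /* unknown: pass through */
        }
    }
    if (size > 0)
        dst[o.pos < size ? o.pos : size - 1] = '\0';
    return (int)o.pos;
}

int mini_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = mini_vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    return n;
}

/* Boot-loader style printf formatting into a fixed stack buffer, as the
 * report describes. LINE_BUF and the stdout write are assumptions for
 * illustration. The pre-fix pattern called vsprintf here, which has no size
 * to honour; with mini_vsnprintf the output is cut to fit and the caller is
 * told so. Returns 1 when the line was truncated, 0 otherwise. */
#define LINE_BUF 81

int line_printf(const char *fmt, ...)
{
    char buf[LINE_BUF];
    va_list ap;
    int needed;
    va_start(ap, fmt);
    needed = mini_vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    fputs(buf, stdout);               /* stand-in for the console routine */
    return needed >= (int)sizeof buf;
}
```

The important property is in emit(): the position counter always advances, but a byte is stored only while a slot for the terminator remains, so a 100-character argument against an 81-byte buffer yields 80 characters plus NUL and a return value of 100, which line_printf turns into a truncation flag rather than a corrupted stack frame.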
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1865032

Title:
  [UBUNTU] zipl/libc: Fix potential buffer overflow in printf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1865032/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
