[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 4/4] util/grub-module-verifierXX.c: Add module_size parameter
From: |
Daniel Kiper |
Subject: |
Re: [PATCH 4/4] util/grub-module-verifierXX.c: Add module_size parameter to functions for sanity checking |
Date: |
Tue, 8 Feb 2022 17:28:34 +0100 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Wed, Feb 02, 2022 at 07:27:00PM -0500, Alec Brown wrote:
> In grub-module-verifierXX.c, the function grub_module_verifyXX() performs an
> initial check that the ELF section headers are within the module's size but
> doesn't check if the sections being accessed have contents that are within the
> module's size. In particular, we need to check that sh_offset and sh_size are
> less than the module's size. However, for some section header types we don't
> need to make these checks. For the type SHT_NULL, the section header is marked
> as inactive and the rest of the members within the section header have
> undefined
> values, so we don't need to check for sh_offset or sh_size. In the case of the
> type SHT_NOBITS, sh_offset has a conceptual offset which may be beyond the
> module size. Also, this type's sh_size may have a non-zero size, but a section
> of this type will take up no space in the module. This can all be checked in
> the
> function get_shdr(), but in order to do so, the parameter module_size must be
> added to functions so that the value of the module size can be used in
> get_shdr() from grub_module_verifyXX().
>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Sadly this patch breaks one of ARM builds:
build-grub-module-verifier: error: Section 12 starts after the end of the
module.
Makefile:47473: recipe for target 'disk.mod' failed
make[3]: *** [disk.mod] Error 1
make[3]: *** Waiting for unfinished jobs....
build-grub-module-verifier: error: Section 12 starts after the end of the
module.
Makefile:47473: recipe for target 'boot.mod' failed
make[3]: *** [boot.mod] Error 1
...
You can reproduce this by doing:
./configure --target=arm-linux-gnueabihf --with-platform=coreboot
--enable-grub-mkfont --prefix="`pwd`/grub-dist"
make install
I have taken the rest of patches and skipped this one.
Daniel
- [PATCH 0/4] Clean up code and fix coverity bugs in util/grub-module-verifierXX.c, Alec Brown, 2022/02/02
- [PATCH 1/4] util/grub-module-verifierXX.c: Add function to calculate section headers, Alec Brown, 2022/02/02
- [PATCH 3/4] util/grub-module-verifierXX.c: Validate elf section header table index for section name string table, Alec Brown, 2022/02/02
- [PATCH 2/4] util/grub-module-verifierXX.c: Validate number of elf section header table entries, Alec Brown, 2022/02/02
- [PATCH 4/4] util/grub-module-verifierXX.c: Add module_size parameter to functions for sanity checking, Alec Brown, 2022/02/02
- Re: [PATCH 4/4] util/grub-module-verifierXX.c: Add module_size parameter to functions for sanity checking,
Daniel Kiper <=
- Re: [PATCH 0/4] Clean up code and fix coverity bugs in util/grub-module-verifierXX.c, Darren Kenny, 2022/02/03