Re: [tboot-devel] memory-logging buffer-overflow issues

Thu, 07 Jul 2016 11:06:07 -0700 

Good catch Safayet, your patch passed review and validation, I corrected a typo 
in comment line in lz.c .  the patch was merged.


Thanks,
-Ning

From: Ahmed, Safayet (GE Global Research, US) [mailto:safayet.ah...@ge.com]
Sent: Tuesday, July 05, 2016 8:08 AM
To: tboot-devel@lists.sourceforge.net
Subject: [tboot-devel] memory-logging buffer-overflow issues

The attached patch addresses minor buffer-overflow issues and potential 
buffer-overflow issues in the memory-logging code.

1) The LZ-compress function have been modified to accept an output-buffer size. 
The header file and the memory-logging function that invokes the compress 
function have been modified accordingly.

2) A number of buffer overflow issues have been fixed in the memlog_write 
function in tboot/common/printk.c. The issues are mentioned below. In addition, 
comments have been added and the code modified to improve readability:

a) At the start of the function, g_log->zip_count may be ZIP_COUNT_MAX. Line 
105 reads (g_log->zip_pos[g_log->zip_count]) without checking g_log->zip_count. 
Line 106 reads (g_log->zip_pos[g_log->zip_count]) before checking 
g_log->zip_count.

b) Line 109 increments g_log->zip_count. After this point, g_log->zip_count may 
be ZIP_COUNT_MAX.  Lines 111, 112, 113, and 115 read and write to 
(g_log->zip_pos[g_log->zip_count]) without checking g_log->zip_count.

c) Line 99 compares (count) against (g_log->max_size). Line 103 compares 
(g_log->curr_pos + count) to (g_log->max_size). Line 105 compares 
(g_log->zip_pos[g_log->zip_count] + zip_size + count) to (g_log->max_size). 
However, line 131 can potentially write a single NULL-terminator past the end 
of the space that the previously mentioned lines check for (checking for 
"count" but potentially writing "count+1").

Signed-off-by: Safayet Ahmed <safayet.ah...@ge.com<mailto:safayet.ah...@ge.com>>

thanks,

Safayet

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to