From owner-dev-commits-src-branches@freebsd.org Fri May 21 01:00:35 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B766064CCC4; Fri, 21 May 2021 01:00:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FmSvl4mrdz3rhs; Fri, 21 May 2021 01:00:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8C0372FEB1; Fri, 21 May 2021 01:00:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 14L10ZSe000633; Fri, 21 May 2021 01:00:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 14L10ZCe000632; Fri, 21 May 2021 01:00:35 GMT (envelope-from git) Date: Fri, 21 May 2021 01:00:35 GMT Message-Id: <202105210100.14L10ZCe000632@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: 3099792c874d - stable/13 - MFC fixes to hostuuid handling MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 3099792c874dee0645672c7609d3db1373d9e5a4 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 May 2021 01:00:35 -0000 The branch stable/13 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=3099792c874dee0645672c7609d3db1373d9e5a4 commit 3099792c874dee0645672c7609d3db1373d9e5a4 Author: Colin Percival AuthorDate: 2021-05-15 05:57:38 +0000 Commit: Colin Percival CommitDate: 2021-05-21 00:57:15 +0000 MFC fixes to hostuuid handling 330f110b: Fix 'hostuuid: preload data malformed' warning If the preloaded hostuuid value is invalid and verbose booting is enabled, a warning is printed. This printf had two bugs: 1. It was missing a trailing \n character. 2. The malformed UUID is printed with %s even though it is not known to be NUL-terminated. This commit adds the missing \n and uses %.*s with the (already known) length of the preloaded UUID to ensure that we don't read past the end of the buffer. Reported by: kevans Fixes: c3188289 Preload hostuuid for early-boot use b6be9566: Fix buffer overflow in preloaded hostuuid cleaning When a module of type "hostuuid" is provided by the loader, prison0_init strips any trailing whitespace and ASCII control characters by (a) adjusting the buffer length, and (b) zeroing out the characters in question, before storing it as the system's hostuuid. The buffer length adjustment was correct, but the zeroing overwrote one byte higher in memory than intended -- in the typical case, zeroing one byte past the end of the hostuuid buffer. Due to the layout of buffers passed by the boot loader to the kernel, this will be the first byte of a subsequent buffer. This was *probably* harmless; prison0_init runs after preloaded kernel modules have been linked and after the preloaded /boot/entropy cache has been processed, so in both cases having the first byte overwritten will not cause problems. We cannot however rule out the possibility that other objects which are preloaded by the loader could suffer from having the first byte overwritten. Since the zeroing does not in fact serve any purpose, remove it and trim trailing whitespace and ASCII control characters by adjusting the buffer length alone. Fixes: c3188289 Preload hostuuid for early-boot use Reviewed by: kevans, markj (cherry picked from commit 330f110bf1e420dc8d8ddadc4030e0ae1f1c52bd) (cherry picked from commit b6be9566d236f83ad1a44170a64b9a34e382eafa) --- sys/kern/kern_jail.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index b5c8f6ebf9be..303e31490eb1 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -257,14 +257,14 @@ prison0_init(void) * non-printable characters to be safe. */ while (size > 0 && data[size - 1] <= 0x20) { - data[size--] = '\0'; + size--; } if (validate_uuid(data, size, NULL, 0) == 0) { (void)strlcpy(prison0.pr_hostuuid, data, size + 1); } else if (bootverbose) { - printf("hostuuid: preload data malformed: '%s'", - data); + printf("hostuuid: preload data malformed: '%.*s'\n", + (int)size, data); } } }