pool/s390-tools
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7230df2ed5
s390-tools/s390-tools-sles15sp2-04-zipl-libc-Indicate-truncated-lines-in-printf-with.patch

83 lines
2.9 KiB
Diff
Raw Normal View History

Accepting request 783519 from home:markkp:branches:Base:System - Added the following patches for bsc#1165978. zpcictl --reset only issues a SCLP reset and leaves the PCI function in an error state. Initiate an OS level recovery by calling /sys/bus/devices/<dev>/recover after the SCLP reset. * s390-tools-sles15sp2-01-zpcictl-Initiate-recover-after-reset.patch * s390-tools-sles15sp2-02-zpcictl-Rename-misleading-sysfs_write_data.patch * s390-tools-sles15sp2-03-zpcitctl-Exit-on-error-in-sysfs_report_error.patch - The zipl boot loader may crash during boot. The solution is to implement vsnprintf and make use of it. (bsc#1165317) * s390-tools-sles15sp2-01-zipl-libc-Introduce-vsnprintf.patch * s390-tools-sles15sp2-02-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch * s390-tools-sles15sp2-03-zipl-libc-Replace-sprintf-with-snprintf.patch * s390-tools-sles15sp2-04-zipl-libc-Indicate-truncated-lines-in-printf-with.patch OBS-URL: https://build.opensuse.org/request/show/783519 OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=90
2020-03-10 20:03:33 +01:00
Subject: [PATCH] [BZ 184060] zipl/libc: Indicate truncated lines in printf with '...'
From: Philipp Rudo <prudo@linux.ibm.com>
Description: zipl/libc: Fix potential buffer overflow in printf
Symptom: Crash of the zipl boot loader during boot.
Problem: The zipl boot loaders have their own minimalistic libc
implementation. In it printf and sprintf use vsprintf for string
formatting. Per definition vsprintf assumes that the buffer it
writes to is large enough to contain the formatted string and
performs no size checks. This is problematic for the boot
loaders because the buffer they use are often allocated on the
stack. Thus even small changes to the string format can
potentially cause buffer overflows on the stack.
Solution: Implement vsnprintf and make use of it.
Reproduction: Use printf to print a string with >81 characters (exact number
depends on the stack layout/compiler used).
Upstream-ID: 36fed0e6c6590631c4ce1707c8fe3c3397bcce4d
Problem-ID: 184060
Upstream-Description:
zipl/libc: Indicate truncated lines in printf with '...'
Append '...' to lines exceeding the maximum line length instead of
silently truncating them.
Suggested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
---
zipl/boot/libc.c | 10 ++++++++--
zipl/boot/libc.h | 1 +
zipl/boot/menu.h | 1 -
3 files changed, 9 insertions(+), 3 deletions(-)
--- a/zipl/boot/libc.c
+++ b/zipl/boot/libc.c
@@ -408,11 +408,17 @@ void snprintf(char *buf, unsigned long s
*/
void printf(const char *fmt, ...)
{
- char buf[81];
+ char buf[LINE_LENGTH + 1];
+ int len;
va_list va;
va_start(va, fmt);
- vsnprintf(buf, sizeof(buf), fmt, va);
+ len = vsnprintf(buf, sizeof(buf), fmt, va);
+ if (len > LINE_LENGTH) {
+ buf[LINE_LENGTH - 1] = '.';
+ buf[LINE_LENGTH - 2] = '.';
+ buf[LINE_LENGTH - 3] = '.';
+ }
sclp_print(buf);
va_end(va);
}
--- a/zipl/boot/libc.h
+++ b/zipl/boot/libc.h
@@ -40,6 +40,7 @@
#define ENOTTY 25 /* Not a typewriter */
#define MIB (1024ULL * 1024)
+#define LINE_LENGTH 80 /* max line length printed by printf */
typedef unsigned long long uint64_t;
typedef unsigned int uint32_t;
--- a/zipl/boot/menu.h
+++ b/zipl/boot/menu.h
@@ -20,7 +20,6 @@
/* max command line length */
#define COMMAND_LINE_SIZE 896
#define BOOT_MENU_ENTRIES 63
-#define LINE_LENGTH 80
#define PARAM_SIZE 8
#define TEXT_OFFSET 4
Reference in New Issue Copy Permalink