| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1370025184-23808-1-git-send-email-swarren@wwwdotorg.org>
Date: Fri, 31 May 2013 12:33:04 -0600
From: Stephen Warren <swarren@...dotorg.org>
To: David Gibson <david@...son.dropbear.id.au>, jdl@....com
Cc: devicetree-discuss@...ts.ozlabs.org, linux-kernel@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, mmarek@...e.cz,
rob.herring@...xeda.com, grant.likely@...retlab.ca,
linux-kbuild@...r.kernel.org, Stephen Warren <swarren@...dia.com>
Subject: [PATCH V2] dtc: ensure #line directives don't consume data from the next line
From: Stephen Warren <swarren@...dia.com>
Previously, the #line parsing regex ended with ({WS}+[0-9]+)?. The {WS}
could match line-break characters. If the #line directive did not contain
the optional flags field at the end, this could cause any integer data on
the next line to be consumed as part of the #line directive parsing. This
could cause syntax errors (i.e. #line parsing consuming the leading 0
from a hex literal 0x1234, leaving x1234 to be parsed as cell data,
which is a syntax error), or invalid compilation results (i.e. simply
consuming literal 1234 as part of the #line processing, thus removing it
from the cell data).
Fix this by replacing {WS} with [ \t] so that it can't match line-breaks.
Convert all instances of {WS}, even though the other instances should be
irrelevant for any well-formed #line directive. This is done for
consistency and ultimate safety.
Reported-by: Ian Campbell <Ian.Campbell@...rix.com>
Signed-off-by: Stephen Warren <swarren@...dia.com>
---
v2: Convert all instances of {WS} in the regex.
This is a patch for dtc upstream, in response to thread "DTB build
failure due to preproccessing". If/when it's accepted into dtc, I'll
follow up with a kernel patch that makes the same fix.
---
dtc-lexer.l | 2 +-
tests/line_directives.dts | 10 ++++++++++
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/dtc-lexer.l b/dtc-lexer.l
index 254d5af..3b41bfc 100644
--- a/dtc-lexer.l
+++ b/dtc-lexer.l
@@ -71,7 +71,7 @@ static int pop_input_file(void);
push_input_file(name);
}
-<*>^"#"(line)?{WS}+[0-9]+{WS}+{STRING}({WS}+[0-9]+)? {
+<*>^"#"(line)?[ \t]+[0-9]+[ \t]+{STRING}([ \t]+[0-9]+)? {
char *line, *tmp, *fn;
/* skip text before line # */
line = yytext;
diff --git a/tests/line_directives.dts b/tests/line_directives.dts
index e9d0800..046ef37 100644
--- a/tests/line_directives.dts
+++ b/tests/line_directives.dts
@@ -8,4 +8,14 @@
# 6 "bar.dts"
/ {
+/*
+ * Make sure optional flags don't consume integer data on next line. The issue
+ * was that the {WS} in the trailing ({WS}+[0-9]+)? could cross the * line-
+ * break, and consume the leading "0" of the hex constant, leaving "x12345678"
+ * to be parsed as a number, which is invalid syntax.
+ */
+ prop1 = <
+# 10 "qux.dts"
+ 0x12345678
+ >;
};
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists