lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20200905222323.1408968-3-nivedita@alum.mit.edu>
Date:   Sat,  5 Sep 2020 18:23:23 -0400
From:   Arvind Sankar <nivedita@...m.mit.edu>
To:     x86@...nel.org, kasan-dev@...glegroups.com
Cc:     Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org
Subject: [RFC PATCH 2/2] x86/cmdline: Use strscpy to initialize boot_command_line

The x86 boot protocol requires the kernel command line to be a
NUL-terminated string of length at most COMMAND_LINE_SIZE (including the
terminating NUL). In case the bootloader messed up and the command line
is too long (hence not NUL-terminated), use strscpy to copy the command
line into boot_command_line. This ensures that boot_command_line is
NUL-terminated, and it also avoids accessing beyond the actual end of
the command line if it was properly NUL-terminated.

Note that setup_arch() will already force command_line to be
NUL-terminated by using strlcpy(), as well as boot_command_line if a
builtin command line is configured. If boot_command_line was not
initially NUL-terminated, the strlen() inside of strlcpy()/strlcat()
will run beyond boot_command_line, but this is almost certainly
harmless in practice.

Signed-off-by: Arvind Sankar <nivedita@...m.mit.edu>
---
 arch/x86/kernel/head64.c  |  2 +-
 arch/x86/kernel/head_32.S | 11 +++++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index cbb71c1b574f..740dd05b9462 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -410,7 +410,7 @@ static void __init copy_bootdata(char *real_mode_data)
 	cmd_line_ptr = get_cmd_line_ptr();
 	if (cmd_line_ptr) {
 		command_line = __va(cmd_line_ptr);
-		memcpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
+		strscpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
 	}
 
 	/*
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 7ed84c282233..2a7ced159d6b 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -102,13 +102,12 @@ SYM_CODE_START(startup_32)
 	cld
 	rep
 	movsl
-	movl pa(boot_params) + NEW_CL_POINTER,%esi
-	andl %esi,%esi
+	movl pa(boot_params) + NEW_CL_POINTER,%edx
+	testl %edx,%edx
 	jz 1f			# No command line
-	movl $pa(boot_command_line),%edi
-	movl $(COMMAND_LINE_SIZE/4),%ecx
-	rep
-	movsl
+	movl $pa(boot_command_line),%eax
+	movl $COMMAND_LINE_SIZE,%ecx
+	call strscpy
 1:
 
 #ifdef CONFIG_OLPC
-- 
2.26.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ