lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 16 Mar 2021 15:38:20 -0400
From:   Alexandre Ghiti <alex@...ti.fr>
To:     Rob Herring <robh+dt@...nel.org>,
        Frank Rowand <frowand.list@...il.com>,
        Dmitry Vyukov <dvyukov@...gle.com>, devicetree@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     Alexandre Ghiti <alex@...ti.fr>
Subject: [PATCH] driver: of: Properly truncate command line if too long

In case the command line given by the user is too long, warn about it
and truncate it to the last full argument.

This is what efi already does in commit 80b1bfe1cb2f ("efi/libstub:
Don't parse overlong command lines").

Reported-by: Dmitry Vyukov <dvyukov@...gle.com>
Signed-off-by: Alexandre Ghiti <alex@...ti.fr>
---
 drivers/of/fdt.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index dcc1dd96911a..de4c6f9bac39 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -25,6 +25,7 @@
 #include <linux/serial_core.h>
 #include <linux/sysfs.h>
 #include <linux/random.h>
+#include <linux/ctype.h>
 
 #include <asm/setup.h>  /* for COMMAND_LINE_SIZE */
 #include <asm/page.h>
@@ -1050,9 +1051,27 @@ int __init early_init_dt_scan_chosen(unsigned long node, const char *uname,
 
 	/* Retrieve command line */
 	p = of_get_flat_dt_prop(node, "bootargs", &l);
-	if (p != NULL && l > 0)
+	if (p != NULL && l > 0) {
 		strlcpy(data, p, min(l, COMMAND_LINE_SIZE));
 
+		/*
+		 * If the given command line size is larger than
+		 * COMMAND_LINE_SIZE, truncate it to the last complete
+		 * parameter.
+		 */
+		if (l > COMMAND_LINE_SIZE) {
+			char *cmd_p = (char *)data + COMMAND_LINE_SIZE - 1;
+
+			while (!isspace(*cmd_p))
+				cmd_p--;
+
+			*cmd_p = '\0';
+
+			pr_err("Command line is too long: truncated to %d bytes\n",
+			       (int)(cmd_p - (char *)data + 1));
+		}
+	}
+
 	/*
 	 * CONFIG_CMDLINE is meant to be a default in case nothing else
 	 * managed to set the command line, unless CONFIG_CMDLINE_FORCE
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ