All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 1/2] diskfilter: check calloc() result for NULL
@ 2022-08-21 12:22 Daniel Axtens
  2022-08-21 12:22 ` [PATCH 2/2] diskfilter: don't make a RAID array with more than 1024 disks Daniel Axtens
  2022-10-06 13:42 ` [PATCH 1/2] diskfilter: check calloc() result for NULL Daniel Kiper
  0 siblings, 2 replies; 5+ messages in thread
From: Daniel Axtens @ 2022-08-21 12:22 UTC (permalink / raw)
  To: grub-devel; +Cc: Daniel Axtens

With wildly corrupt inputs, we can end up trying to calloc a very
large amount of memory, which will fail and give us a NULL pointer.
We need to check that to avoid a crash. (And, even if we blocked
such inputs, it is good practice to check the results of allocations
anyway.)

Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 grub-core/disk/diskfilter.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
index 2edcff6e8987..4ac50320ef4e 100644
--- a/grub-core/disk/diskfilter.c
+++ b/grub-core/disk/diskfilter.c
@@ -1163,6 +1163,9 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
   array->lvs->segments->raid_member_size = disk_size;
   array->lvs->segments->nodes
     = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0]));
+  if (array->lvs->segments->nodes == NULL)
+    goto fail;
+
   array->lvs->segments->stripe_size = stripe_size;
   for (i = 0; i < nmemb; i++)
     {
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH 2/2] diskfilter: don't make a RAID array with more than 1024 disks
  2022-08-21 12:22 [PATCH 1/2] diskfilter: check calloc() result for NULL Daniel Axtens
@ 2022-08-21 12:22 ` Daniel Axtens
  2022-08-22 15:55   ` Daniel Axtens
  2022-10-06 13:42 ` [PATCH 1/2] diskfilter: check calloc() result for NULL Daniel Kiper
  1 sibling, 1 reply; 5+ messages in thread
From: Daniel Axtens @ 2022-08-21 12:22 UTC (permalink / raw)
  To: grub-devel; +Cc: Daniel Axtens

This is 'belt and braces' with the last fix: we end up trying to use
too much memory in situations like corrupted Linux software raid setups
purporting to usew a huge number of disks. Simply refuse to permit such
configurations.

1024 is a bit arbitrary, yes, and I feel a bit like I'm tempting fate
here, but I think 1024 disks in an array (that grub has to read to boot!)
should be enough for anyone.

Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 grub-core/disk/diskfilter.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
index 4ac50320ef4e..79c5f4db940a 100644
--- a/grub-core/disk/diskfilter.c
+++ b/grub-core/disk/diskfilter.c
@@ -1046,6 +1046,13 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
   struct grub_diskfilter_pv *pv;
   grub_err_t err;
 
+  /* We choose not to support more than 1024 disks */
+  if (nmemb > 1024)
+    {
+      grub_free (uuid);
+      return NULL;
+    }
+
   switch (level)
     {
     case 1:
-- 
2.25.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] diskfilter: don't make a RAID array with more than 1024 disks
  2022-08-21 12:22 ` [PATCH 2/2] diskfilter: don't make a RAID array with more than 1024 disks Daniel Axtens
@ 2022-08-22 15:55   ` Daniel Axtens
  2022-10-06 13:44     ` Daniel Kiper
  0 siblings, 1 reply; 5+ messages in thread
From: Daniel Axtens @ 2022-08-22 15:55 UTC (permalink / raw)
  To: grub-devel

Daniel Axtens <dja@axtens.net> writes:

> This is 'belt and braces' with the last fix: we end up trying to use
> too much memory in situations like corrupted Linux software raid setups
> purporting to usew a huge number of disks. Simply refuse to permit such
> configurations.
>
> 1024 is a bit arbitrary, yes, and I feel a bit like I'm tempting fate
> here, but I think 1024 disks in an array (that grub has to read to boot!)
> should be enough for anyone.
>
> Signed-off-by: Daniel Axtens <dja@axtens.net>
> ---
>  grub-core/disk/diskfilter.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
> index 4ac50320ef4e..79c5f4db940a 100644
> --- a/grub-core/disk/diskfilter.c
> +++ b/grub-core/disk/diskfilter.c
> @@ -1046,6 +1046,13 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
>    struct grub_diskfilter_pv *pv;
>    grub_err_t err;
>  
> +  /* We choose not to support more than 1024 disks */
> +  if (nmemb > 1024)

Ergh, nmemb is an int; I will do a v2 that also checks that it's greater
than 0 (or 1, given that it's RAID? I will do some tests.)

-- d


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] diskfilter: check calloc() result for NULL
  2022-08-21 12:22 [PATCH 1/2] diskfilter: check calloc() result for NULL Daniel Axtens
  2022-08-21 12:22 ` [PATCH 2/2] diskfilter: don't make a RAID array with more than 1024 disks Daniel Axtens
@ 2022-10-06 13:42 ` Daniel Kiper
  1 sibling, 0 replies; 5+ messages in thread
From: Daniel Kiper @ 2022-10-06 13:42 UTC (permalink / raw)
  To: Daniel Axtens; +Cc: grub-devel

On Sun, Aug 21, 2022 at 10:22:35PM +1000, Daniel Axtens wrote:
> With wildly corrupt inputs, we can end up trying to calloc a very
> large amount of memory, which will fail and give us a NULL pointer.
> We need to check that to avoid a crash. (And, even if we blocked
> such inputs, it is good practice to check the results of allocations
> anyway.)
>
> Signed-off-by: Daniel Axtens <dja@axtens.net>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] diskfilter: don't make a RAID array with more than 1024 disks
  2022-08-22 15:55   ` Daniel Axtens
@ 2022-10-06 13:44     ` Daniel Kiper
  0 siblings, 0 replies; 5+ messages in thread
From: Daniel Kiper @ 2022-10-06 13:44 UTC (permalink / raw)
  To: Daniel Axtens; +Cc: grub-devel

On Tue, Aug 23, 2022 at 01:55:26AM +1000, Daniel Axtens wrote:
> Daniel Axtens <dja@axtens.net> writes:
>
> > This is 'belt and braces' with the last fix: we end up trying to use
> > too much memory in situations like corrupted Linux software raid setups
> > purporting to usew a huge number of disks. Simply refuse to permit such
> > configurations.
> >
> > 1024 is a bit arbitrary, yes, and I feel a bit like I'm tempting fate
> > here, but I think 1024 disks in an array (that grub has to read to boot!)
> > should be enough for anyone.
> >
> > Signed-off-by: Daniel Axtens <dja@axtens.net>
> > ---
> >  grub-core/disk/diskfilter.c | 7 +++++++
> >  1 file changed, 7 insertions(+)
> >
> > diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c
> > index 4ac50320ef4e..79c5f4db940a 100644
> > --- a/grub-core/disk/diskfilter.c
> > +++ b/grub-core/disk/diskfilter.c
> > @@ -1046,6 +1046,13 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb,
> >    struct grub_diskfilter_pv *pv;
> >    grub_err_t err;
> >
> > +  /* We choose not to support more than 1024 disks */
> > +  if (nmemb > 1024)
>
> Ergh, nmemb is an int; I will do a v2 that also checks that it's greater
> than 0 (or 1, given that it's RAID? I will do some tests.)

Could you repost this patch with the fix? Or both with my RB for first one...

Daniel


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-10-06 13:45 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-21 12:22 [PATCH 1/2] diskfilter: check calloc() result for NULL Daniel Axtens
2022-08-21 12:22 ` [PATCH 2/2] diskfilter: don't make a RAID array with more than 1024 disks Daniel Axtens
2022-08-22 15:55   ` Daniel Axtens
2022-10-06 13:44     ` Daniel Kiper
2022-10-06 13:42 ` [PATCH 1/2] diskfilter: check calloc() result for NULL Daniel Kiper

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.