From: Arvind Sankar <nivedita@alum.mit.edu>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-efi@vger.kernel.org
Subject: [PATCH 16/24] efi/printf: Turn vsprintf into vsnprintf
Date: Mon, 18 May 2020 15:07:08 -0400 [thread overview]
Message-ID: <20200518190716.751506-17-nivedita@alum.mit.edu> (raw)
In-Reply-To: <20200518190716.751506-1-nivedita@alum.mit.edu>
Implement vsnprintf instead of vsprintf to avoid the possibility of a
buffer overflow.
Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
---
.../firmware/efi/libstub/efi-stub-helper.c | 6 ++-
drivers/firmware/efi/libstub/vsprintf.c | 42 +++++++++++--------
2 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 56b3b84fd3bd..5ecafc57619a 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -60,10 +60,14 @@ int efi_printk(const char *fmt, ...)
int printed;
va_start(args, fmt);
- printed = vsprintf(printf_buf, fmt, args);
+ printed = vsnprintf(printf_buf, sizeof(printf_buf), fmt, args);
va_end(args);
efi_puts(printf_buf);
+ if (printed >= sizeof(printf_buf)) {
+ efi_puts("[Message truncated]\n");
+ return -1;
+ }
return printed;
}
diff --git a/drivers/firmware/efi/libstub/vsprintf.c b/drivers/firmware/efi/libstub/vsprintf.c
index 7dcbc04498e7..36f2f4cf7434 100644
--- a/drivers/firmware/efi/libstub/vsprintf.c
+++ b/drivers/firmware/efi/libstub/vsprintf.c
@@ -17,6 +17,7 @@
#include <linux/kernel.h>
#include <linux/limits.h>
#include <linux/string.h>
+#include <linux/types.h>
static
int skip_atoi(const char **s)
@@ -237,16 +238,22 @@ char get_sign(long long *num, int flags)
return 0;
}
-int vsprintf(char *buf, const char *fmt, va_list ap)
+#define PUTC(c) \
+do { \
+ if (pos < size) \
+ buf[pos] = (c); \
+ ++pos; \
+} while (0);
+
+int vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
/* The maximum space required is to print a 64-bit number in octal */
char tmp[(sizeof(unsigned long long) * 8 + 2) / 3];
char *tmp_end = &tmp[ARRAY_SIZE(tmp)];
long long num;
int base;
- char *str;
const char *s;
- int len;
+ size_t len, pos;
char sign;
int flags; /* flags to number() */
@@ -274,9 +281,9 @@ int vsprintf(char *buf, const char *fmt, va_list ap)
*/
va_copy(args, ap);
- for (str = buf; *fmt; ++fmt) {
+ for (pos = 0; *fmt; ++fmt) {
if (*fmt != '%' || *++fmt == '%') {
- *str++ = *fmt;
+ PUTC(*fmt);
continue;
}
@@ -415,40 +422,41 @@ int vsprintf(char *buf, const char *fmt, va_list ap)
/* Leading padding with ' ' */
if (!(flags & LEFT))
while (field_width-- > 0)
- *str++ = ' ';
+ PUTC(' ');
/* sign */
if (sign)
- *str++ = sign;
+ PUTC(sign);
/* 0x/0X for hexadecimal */
if (flags & SPECIAL) {
- *str++ = '0';
- *str++ = 'X' | (flags & SMALL);
+ PUTC('0');
+ PUTC( 'X' | (flags & SMALL));
}
/* Zero padding and excess precision */
while (precision-- > len)
- *str++ = '0';
+ PUTC('0');
/* Actual output */
while (len-- > 0)
- *str++ = *s++;
+ PUTC(*s++);
/* Trailing padding with ' ' */
while (field_width-- > 0)
- *str++ = ' ';
+ PUTC(' ');
}
fail:
- *str = '\0';
-
va_end(args);
- return str - buf;
+ if (size)
+ buf[min(pos, size-1)] = '\0';
+
+ return pos;
}
-int sprintf(char *buf, const char *fmt, ...)
+int snprintf(char *buf, size_t size, const char *fmt, ...)
{
va_list args;
int i;
va_start(args, fmt);
- i = vsprintf(buf, fmt, args);
+ i = vsnprintf(buf, size, fmt, args);
va_end(args);
return i;
}
--
2.26.2
next prev parent reply other threads:[~2020-05-18 19:07 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-18 19:06 [PATCH 00/24] efi/libstub: Add printf implementation Arvind Sankar
2020-05-18 19:06 ` [PATCH 01/24] efi/libstub: Include dependencies of efistub.h Arvind Sankar
2020-05-18 19:06 ` [PATCH 02/24] efi/libstub: Rename efi_[char16_]printk to efi_[char16_]puts Arvind Sankar
2020-05-18 19:06 ` [PATCH 03/24] efi/libstub: Buffer output of efi_puts Arvind Sankar
2020-05-18 19:06 ` [PATCH 04/24] efi/libstub: Add a basic printf implementation Arvind Sankar
2020-05-18 19:06 ` [PATCH 05/24] efi/libstub: Optimize for size instead of speed Arvind Sankar
2020-06-05 0:31 ` Andrey Ignatov
2020-06-05 6:33 ` Ard Biesheuvel
2020-06-05 13:14 ` Arvind Sankar
2020-06-05 13:32 ` Arvind Sankar
2020-06-05 14:53 ` Ard Biesheuvel
2020-06-05 15:10 ` Arvind Sankar
2020-06-05 15:11 ` Ard Biesheuvel
2020-06-05 15:06 ` [PATCH] efi/x86: Fix build with gcc 4 Arvind Sankar
2020-06-05 16:09 ` Andrey Ignatov
2020-06-15 9:43 ` Ard Biesheuvel
2020-06-19 16:46 ` [tip: efi/urgent] " tip-bot2 for Arvind Sankar
2020-05-18 19:06 ` [PATCH 06/24] efi/printf: Drop %n format and L qualifier Arvind Sankar
2020-05-18 19:06 ` [PATCH 07/24] efi/printf: Add 64-bit and 8-bit integer support Arvind Sankar
2020-05-18 19:07 ` [PATCH 08/24] efi/printf: Factor out flags parsing and handle '%' earlier Arvind Sankar
2020-05-18 19:07 ` [PATCH 09/24] efi/printf: Fix minor bug in precision handling Arvind Sankar
2020-05-18 19:07 ` [PATCH 10/24] efi/printf: Merge 'p' with the integer formats Arvind Sankar
2020-05-18 19:07 ` [PATCH 11/24] efi/printf: Factor out width/precision parsing Arvind Sankar
2020-05-18 19:07 ` [PATCH 12/24] efi/printf: Factor out integer argument retrieval Arvind Sankar
2020-05-18 19:07 ` [PATCH 13/24] efi/printf: Handle null string input Arvind Sankar
2020-05-18 19:07 ` [PATCH 14/24] efi/printf: Refactor code to consolidate padding and output Arvind Sankar
2020-05-18 19:07 ` [PATCH 15/24] efi/printf: Abort on invalid format Arvind Sankar
2020-05-18 19:07 ` Arvind Sankar [this message]
2020-05-18 19:07 ` [PATCH 17/24] efi/libstub: Implement printk-style logging Arvind Sankar
2020-05-19 8:22 ` Ard Biesheuvel
2020-05-19 15:07 ` Arvind Sankar
2020-05-20 16:38 ` Arvind Sankar
2020-05-20 16:38 ` Ard Biesheuvel
2020-05-20 17:02 ` Arvind Sankar
2020-05-20 17:09 ` Ard Biesheuvel
2020-05-18 19:07 ` [PATCH 18/24] efi/libstub: Add definitions for console input and events Arvind Sankar
2020-05-18 19:07 ` [PATCH 19/24] efi/gop: Add an option to list out the available GOP modes Arvind Sankar
2020-05-18 19:07 ` [PATCH 20/24] efi/printf: Add support for wchar_t (UTF-16) Arvind Sankar
2020-05-18 19:07 ` [PATCH 21/24] efi/libstub: Add UTF-8 decoding to efi_puts Arvind Sankar
2020-05-18 19:07 ` [PATCH 22/24] efi/libstub: Use %ls for filename Arvind Sankar
2020-05-18 19:07 ` [PATCH 23/24] efi/libstub: Get the exact UTF-8 length Arvind Sankar
2020-05-18 19:07 ` [PATCH 24/24] efi/libstub: Use snprintf with %ls to convert the command line Arvind Sankar
2020-05-19 7:53 ` [PATCH 00/24] efi/libstub: Add printf implementation Ard Biesheuvel
2020-05-19 15:06 ` Arvind Sankar
2020-05-19 16:44 ` Ard Biesheuvel
2020-05-21 0:29 ` [PATCH] efi/libstub: Don't parse overlong command lines Arvind Sankar
2020-05-22 13:13 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200518190716.751506-17-nivedita@alum.mit.edu \
--to=nivedita@alum.mit.edu \
--cc=ardb@kernel.org \
--cc=linux-efi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.