* [PATCH 0/2] moveconfig fixes
@ 2020-02-12 19:46 Markus Klotzbuecher
2020-02-12 19:46 ` [PATCH 1/2] moveconfig: replace unsafe eval with asteval Markus Klotzbuecher
2020-02-12 19:46 ` [PATCH 2/2] moveconfig: convert ps.stderr to string Markus Klotzbuecher
From: Markus Klotzbuecher @ 2020-02-12 19:46 UTC (permalink / raw)
To: u-boot
Two fixes to moveconfig: the first addresses a potential security
issue reported by Heinrich Schuchardt caused by using the Python
built-in eval to expand CONFIG_ value expressions. Running moveconfig
on a maliciously prepared CONFIG could lead to execution of arbitrary
Python code. The second is a Python3 bugfix.
Markus Klotzbuecher (2):
moveconfig: replace unsafe eval with asteval
moveconfig: convert ps.stderr to string
tools/moveconfig.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--
2.25.0
* [PATCH 1/2] moveconfig: replace unsafe eval with asteval
2020-02-12 19:46 [PATCH 0/2] moveconfig fixes Markus Klotzbuecher
@ 2020-02-12 19:46 ` Markus Klotzbuecher
2020-02-12 22:14 ` Heinrich Schuchardt
2020-02-25 19:00 ` Tom Rini
2020-02-12 19:46 ` [PATCH 2/2] moveconfig: convert ps.stderr to string Markus Klotzbuecher
From: Markus Klotzbuecher @ 2020-02-12 19:46 UTC (permalink / raw)
To: u-boot
Commit b237d358b "moveconfig: expand simple expressions" added support
for expanding expressions in configs, but used the unsafe python
built-in "eval". This patch fixes this by replacing eval with the
asteval module.
Signed-off-by: Markus Klotzbuecher <mk@mkio.de>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Heiko Schocher <hs@denx.de>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Joe Hershberger <joe.hershberger@ni.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
---
tools/moveconfig.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/moveconfig.py b/tools/moveconfig.py
index 36160a3977..df20ec66af 100755
--- a/tools/moveconfig.py
+++ b/tools/moveconfig.py
@@ -295,6 +295,7 @@ To see the complete list of supported options, run
"""
+import asteval
import collections
import copy
import difflib
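Review bot: `import asteval` at module level turns a third-party package into a hard dependency of the whole script, so every moveconfig run on a host without it now fails with ImportError even when no CONFIG value needs expanding. Wrap it (`try: import asteval` / `except ImportError: asteval = None`), have try_expand return the line unexpanded with a one-time warning naming the package when it is missing, and mention the dependency in the usage docstring whose closing `"""` sits just above this hunk.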
@@ -808,10 +809,11 @@ def try_expand(line):
return line
try:
+ aeval = asteval.Interpreter( usersyms=SIZES, minimal=True )
cfg, val = re.split("=", line)
val= val.strip('\"')
if re.search("[*+-/]|<<|SZ_+|\(([^\)]+)\)", val):
- newval = hex(eval(val, SIZES))
+ newval = hex(aeval(val))
print("\tExpanded expression %s to %s" % (val, newval))
return cfg+'='+newval
except:
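Review bot: `hex(aeval(val))` relies on asteval's default error handling, which does not raise when evaluation fails: the Interpreter records the problem in `aeval.error`, prints it (to stderr unless an err_writer is given) and returns None, so what the bare `except:` below actually catches is the TypeError from `hex(None)`, and the user gets a stray asteval error dump for every non-expression value that happens to match the regex. Pass `show_errors=False` on the call (or give the Interpreter a silent err_writer), check `aeval.error` after it, and only then format the result. Two smaller points: the Interpreter is rebuilt on every try_expand call, and could be constructed once at module level after SIZES is defined; and the pre-existing `[*+-/]` in the regex is a character range from `+` to `/` (i.e. `+ , - . /`), so ordinary string values containing a `.` or `,` are handed to the evaluator, which is why the error noise matters in practice.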
--
2.25.0
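The before/after pair that the cover letter and this patch describe, as an added example that is not moveconfig's code and does not use the asteval module: it reproduces the eval()-based expansion that the patch removes and sets a stdlib-only AST-whitelist evaluator beside it, which is the same restriction technique asteval applies, written out here so the example runs without the third-party dependency. The SIZES table, the CONFIG lines and the attacker payload are constructed for the example; Python 3.8+ is assumed for ast.Constant.

```python
import ast
import operator
import re

# Constructed stand-in for moveconfig's SIZES table (assumption: the real
# table carries more SZ_* entries, but the shape is the same: name -> int).
SIZES = {
    "SZ_1K": 1 << 10, "SZ_4K": 1 << 12, "SZ_64K": 1 << 16,
    "SZ_1M": 1 << 20, "SZ_4M": 1 << 22, "SZ_16M": 1 << 24,
}

# Same intent as the patch's expression detector; hyphen placed last so the
# class reads "one of * + / -" rather than the range '+'..'/'.
_EXPR_RE = re.compile(r"[*+/-]|<<|SZ_|\([^)]+\)")

# Integer-only operator whitelist: no Pow (2**2**2**... blows up), no Call,
# no Attribute, no Subscript, so there is no path to __import__ or getattr.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.FloorDiv: operator.floordiv, ast.LShift: operator.lshift,
    ast.RShift: operator.rshift, ast.BitOr: operator.or_,
    ast.BitAnd: operator.and_, ast.BitXor: operator.xor,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos,
              ast.Invert: operator.invert}
_MAX_SHIFT = 128  # resource-exhaustion guard: 1 << 10**9 would allocate ~128 MB


def safe_eval(expr, symbols):
    """Evaluate an integer expression over `symbols` by walking its AST.

    Anything outside the whitelist (calls, attributes, strings, floats,
    names not in `symbols`) raises ValueError instead of executing.
    """
    tree = ast.parse(expr, mode="eval")

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return node.value
        if isinstance(node, ast.Name):
            if node.id in symbols:
                return symbols[node.id]
            raise ValueError("unknown symbol %r" % node.id)
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](walk(node.operand))
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            left, right = walk(node.left), walk(node.right)
            if isinstance(node.op, ast.LShift) and right > _MAX_SHIFT:
                raise ValueError("shift count %d too large" % right)
            return _BIN_OPS[type(node.op)](left, right)
        raise ValueError("disallowed syntax: %s" % type(node).__name__)

    return walk(tree)


def _split(line):
    # first '=' only: values may themselves contain '='
    cfg, _, val = line.partition("=")
    return cfg, val.strip('"')


def try_expand_unsafe(line):
    """The pre-patch behaviour: builtin eval() with SIZES as globals. DO NOT USE."""
    cfg, val = _split(line)
    if not _EXPR_RE.search(val):
        return line
    try:
        # dict(SIZES): eval() injects __builtins__ into the globals it is
        # given, which is exactly what makes __import__ reachable here.
        return cfg + "=" + hex(eval(val, dict(SIZES)))
    except Exception:
        return line  # mirrors the original bare `except:`: errors vanish


def try_expand_safe(line):
    """Same contract, but expressions go through the AST whitelist."""
    cfg, val = _split(line)
    if not _EXPR_RE.search(val):
        return line
    try:
        return cfg + "=" + hex(safe_eval(val, SIZES))
    except (ValueError, SyntaxError, ZeroDivisionError):
        return line


def attacker_code_ran(expander):
    """True if `expander` executed the payload's call to os.getpid()."""
    import os
    payload = "CONFIG_EVIL=__import__('os').getpid()"
    return expander(payload) == "CONFIG_EVIL=" + hex(os.getpid())


if __name__ == "__main__":
    for line in ("CONFIG_SYS_MALLOC_LEN=(SZ_1M * 4)", "CONFIG_FOO=SZ_64K + SZ_4K",
                 "CONFIG_SYS_TEXT_BASE=0x80000000", "CONFIG_BIG=1 << 100000"):
        print(line, "->", try_expand_safe(line))
    print("eval executed attacker code:", attacker_code_ran(try_expand_unsafe))
    print("AST whitelist executed attacker code:", attacker_code_ran(try_expand_safe))
```

The payload is deliberately harmless (it only asks for the process id), but it goes through the same `__import__` route a real one would; under eval() the expansion succeeds and the returned line carries the call's result, under the whitelist the Call node is rejected before anything runs and the line is left untouched. The shift bound is the kind of caveat that survives the switch to any restricted evaluator: a syntax whitelist stops code execution, not a `1 << 1000000000` that eats memory, so limits on operand size belong in the evaluator as well.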
* [PATCH 2/2] moveconfig: convert ps.stderr to string
2020-02-12 19:46 [PATCH 0/2] moveconfig fixes Markus Klotzbuecher
2020-02-12 19:46 ` [PATCH 1/2] moveconfig: replace unsafe eval with asteval Markus Klotzbuecher
@ 2020-02-12 19:46 ` Markus Klotzbuecher
2020-02-16 19:02 ` Simon Glass
2020-02-25 19:00 ` Tom Rini
From: Markus Klotzbuecher @ 2020-02-12 19:46 UTC (permalink / raw)
To: u-boot
Printing the error message in verbose mode fails, since python3
doesn't implicitly convert bytes to strings.
Signed-off-by: Markus Klotzbuecher <mk@mkio.de>
Cc: Simon Glass <sjg@chromium.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
---
tools/moveconfig.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/moveconfig.py b/tools/moveconfig.py
index df20ec66af..d8bf7fd071 100755
--- a/tools/moveconfig.py
+++ b/tools/moveconfig.py
@@ -1217,7 +1217,7 @@ class Slot:
"Failed to process.\n")
if self.options.verbose:
self.log += color_text(self.options.color, COLOR_LIGHT_CYAN,
- self.ps.stderr.read())
+ self.ps.stderr.read().decode())
self.finish(False)
def do_defconfig(self):
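Review bot: `.decode()` with no arguments is strict UTF-8, so a compiler or make error containing locale-encoded or binary bytes turns this reporting path itself into a UnicodeDecodeError and the original failure is lost. Use `.decode(errors='replace')` (or `'backslashreplace'`) so the log is always printable, or open the subprocess in text mode so the stderr pipe yields str in the first place.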
--
2.25.0
* [PATCH 1/2] moveconfig: replace unsafe eval with asteval
2020-02-12 19:46 ` [PATCH 1/2] moveconfig: replace unsafe eval with asteval Markus Klotzbuecher
@ 2020-02-12 22:14 ` Heinrich Schuchardt
2020-02-25 19:00 ` Tom Rini
From: Heinrich Schuchardt @ 2020-02-12 22:14 UTC (permalink / raw)
To: u-boot
On 2/12/20 8:46 PM, Markus Klotzbuecher wrote:
> Commit b237d358b "moveconfig: expand simple expressions" added support
> for expanding expressions in configs, but used the unsafe python
> built-in "eval". This patch fixes this by replacing eval with the
> asteval module.
>
> Signed-off-by: Markus Klotzbuecher <mk@mkio.de>
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Heiko Schocher <hs@denx.de>
> Cc: Tom Rini <trini@konsulko.com>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Joe Hershberger <joe.hershberger@ni.com>
> Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Thanks for addressing this concern.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
* [PATCH 2/2] moveconfig: convert ps.stderr to string
2020-02-12 19:46 ` [PATCH 2/2] moveconfig: convert ps.stderr to string Markus Klotzbuecher
@ 2020-02-16 19:02 ` Simon Glass
2020-02-25 19:00 ` Tom Rini
From: Simon Glass @ 2020-02-16 19:02 UTC (permalink / raw)
To: u-boot
On Wed, 12 Feb 2020 at 12:47, Markus Klotzbuecher <mk@mkio.de> wrote:
>
> Printing the error message in verbose mode fails, since python3
> doesn't implicitly convert bytes to strings.
>
> Signed-off-by: Markus Klotzbuecher <mk@mkio.de>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Tom Rini <trini@konsulko.com>
> Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> ---
> tools/moveconfig.py | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
* [PATCH 1/2] moveconfig: replace unsafe eval with asteval
2020-02-12 19:46 ` [PATCH 1/2] moveconfig: replace unsafe eval with asteval Markus Klotzbuecher
2020-02-12 22:14 ` Heinrich Schuchardt
@ 2020-02-25 19:00 ` Tom Rini
From: Tom Rini @ 2020-02-25 19:00 UTC (permalink / raw)
To: u-boot
On Wed, Feb 12, 2020 at 08:46:44PM +0100, Markus Klotzbuecher wrote:
> Commit b237d358b "moveconfig: expand simple expressions" added support
> for expanding expressions in configs, but used the unsafe python
> built-in "eval". This patch fixes this by replacing eval with the
> asteval module.
>
> Signed-off-by: Markus Klotzbuecher <mk@mkio.de>
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Heiko Schocher <hs@denx.de>
> Cc: Tom Rini <trini@konsulko.com>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Joe Hershberger <joe.hershberger@ni.com>
> Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Applied to u-boot/master, thanks!
--
Tom
* [PATCH 2/2] moveconfig: convert ps.stderr to string
2020-02-12 19:46 ` [PATCH 2/2] moveconfig: convert ps.stderr to string Markus Klotzbuecher
2020-02-16 19:02 ` Simon Glass
@ 2020-02-25 19:00 ` Tom Rini
From: Tom Rini @ 2020-02-25 19:00 UTC (permalink / raw)
To: u-boot
On Wed, Feb 12, 2020 at 08:46:45PM +0100, Markus Klotzbuecher wrote:
> Printing the error message in verbose mode fails, since python3
> doesn't implicitly convert bytes to strings.
>
> Signed-off-by: Markus Klotzbuecher <mk@mkio.de>
> Cc: Simon Glass <sjg@chromium.org>
> Cc: Tom Rini <trini@konsulko.com>
> Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>
Applied to u-boot/master, thanks!
--
Tom