Re: [PATCH 4/4] util/grub-module-verifierXX.c: Add module_size parameter to functions for sanity checking

[Daniel Kiper <daniel.kiper@oracle.com>]

On Wed, Feb 02, 2022 at 07:27:00PM -0500, Alec Brown wrote:
> In grub-module-verifierXX.c, the function grub_module_verifyXX() performs an
> initial check that the ELF section headers are within the module's size but
> doesn't check if the sections being accessed have contents that are within the
> module's size. In particular, we need to check that sh_offset and sh_size are
> less than the module's size. However, for some section header types we don't
> need to make these checks. For the type SHT_NULL, the section header is marked
> as inactive and the rest of the members within the section header have undefined
> values, so we don't need to check for sh_offset or sh_size. In the case of the
> type SHT_NOBITS, sh_offset has a conceptual offset which may be beyond the
> module size. Also, this type's sh_size may have a non-zero size, but a section
> of this type will take up no space in the module. This can all be checked in the
> function get_shdr(), but in order to do so, the parameter module_size must be
> added to functions so that the value of the module size can be used in
> get_shdr() from grub_module_verifyXX().
>
> Signed-off-by: Alec Brown <alec.r.brown@oracle.com>

Sadly this patch breaks one of ARM builds:
  build-grub-module-verifier: error: Section 12 starts after the end of the module.
  Makefile:47473: recipe for target 'disk.mod' failed
  make[3]: *** [disk.mod] Error 1
  make[3]: *** Waiting for unfinished jobs....
  build-grub-module-verifier: error: Section 12 starts after the end of the module.
  Makefile:47473: recipe for target 'boot.mod' failed
  make[3]: *** [boot.mod] Error 1
  ...

You can reproduce this by doing:
  ./configure --target=arm-linux-gnueabihf --with-platform=coreboot --enable-grub-mkfont --prefix="`pwd`/grub-dist"
  make install

I have taken the rest of patches and skipped this one.

Daniel