All of lore.kernel.org
 help / color / mirror / Atom feed
From: Masahiro Yamada <masahiroy@kernel.org>
To: Nicolas Schier <nicolas@fjasle.eu>
Cc: "Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	"Linux Kbuild mailing list" <linux-kbuild@vger.kernel.org>,
	"Thomas Kühnel" <thomas.kuehnel@avm.de>
Subject: Re: [PATCH] initramfs: Check timestamp to prevent broken cpio archive
Date: Tue, 12 Oct 2021 11:02:33 +0900	[thread overview]
Message-ID: <CAK7LNASDu7RK0vLtx1991abx880DtQHK+U2FK3qKbH5Kcz3ipw@mail.gmail.com> (raw)
In-Reply-To: <20211007185900.2801788-1-nicolas@fjasle.eu>

On Fri, Oct 8, 2021 at 3:59 AM Nicolas Schier <nicolas@fjasle.eu> wrote:
>
> Cpio format reserves 8 bytes for an ASCII representation of a time_t timestamp.
> While 2106-02-07 06:28:15 (time_t = 0xffffffff) is still some years in the
> future, a poorly chosen date string for KBUILD_BUILD_TIMESTAMP, converted into
> seconds since the epoch, might lead to exceeded cpio timestamp limits that
> results in a broken cpio archive.  Add timestamp checks to prevent overrun of
> the 8-byte cpio header field.

Out of curiosity, how did you figure out
"2106-02-07 06:28:15" was the overflow point?
Is it affected by leap seconds?


I got ffff816f


$ printf "%x"  $(date -d'2106-02-07 06:28:15'  +%s)
ffff816f




> My colleague Thomas Kühnel discovered the behaviour, when we accidentally fed
> SOURCE_DATE_EPOCH to KBUILD_BUILD_TIMESTAMP as is: some timestamps (e.g.
> 1607420928 = 2021-12-08 10:48:48) will be interpreted by `date` as a valid date
> specification of science fictional times (here: year 160742).  Even though this
> is bad input for KBUILD_BUILD_TIMESTAMP, it should not break the initramfs
> cpio format.
>
> Signed-off-by: Nicolas Schier <nicolas@fjasle.eu>
> Cc: Thomas Kühnel <thomas.kuehnel@avm.de>
> ---
>  usr/gen_init_cpio.c | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
>
> diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c
> index 03b21189d58b..983dcdd35925 100644
> --- a/usr/gen_init_cpio.c
> +++ b/usr/gen_init_cpio.c
> @@ -320,6 +320,12 @@ static int cpio_mkfile(const char *name, const char *location,
>                 goto error;
>         }
>
> +       if (buf.st_mtime > 0xffffffff) {
> +               fprintf(stderr, "%s: Timestamp exceeds maximum cpio timestamp, clipping.\n",
> +                       location);
> +               buf.st_mtime = 0xffffffff;
> +       }
> +
>         filebuf = malloc(buf.st_size);
>         if (!filebuf) {
>                 fprintf (stderr, "out of memory\n");
> @@ -551,6 +557,17 @@ int main (int argc, char *argv[])
>                 }
>         }
>
> +       /*
> +        * Timestamps after 2106-02-07 06:28:15 have an ascii hex time_t
> +        * representation that exceeds 8 chars and breaks the cpio header
> +        * specification.
> +        */
> +       if (default_mtime > 0xffffffff) {
> +               fprintf(stderr, "ERROR: Timestamp 0x%08x too large for cpio format\n",
> +                       default_mtime);
> +               exit(1);
> +       }
> +
>         if (argc - optind != 1) {
>                 usage(argv[0]);
>                 exit(1);
> --
> 2.30.1
>


-- 
Best Regards
Masahiro Yamada

  reply	other threads:[~2021-10-12  2:03 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-07 18:59 [PATCH] initramfs: Check timestamp to prevent broken cpio archive Nicolas Schier
2021-10-12  2:02 ` Masahiro Yamada [this message]
2021-10-12  8:29   ` Nicolas Schier
2021-10-13  1:40     ` Masahiro Yamada

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAK7LNASDu7RK0vLtx1991abx880DtQHK+U2FK3qKbH5Kcz3ipw@mail.gmail.com \
    --to=masahiroy@kernel.org \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nicolas@fjasle.eu \
    --cc=thomas.kuehnel@avm.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.