[PATCH 16/24] efi/printf: Turn vsprintf into vsnprintf

From: Arvind Sankar <nivedita@alum.mit.edu>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: linux-efi@vger.kernel.org
Subject: [PATCH 16/24] efi/printf: Turn vsprintf into vsnprintf
Date: Mon, 18 May 2020 15:07:08 -0400	[thread overview]
Message-ID: <20200518190716.751506-17-nivedita@alum.mit.edu> (raw)
In-Reply-To: <20200518190716.751506-1-nivedita@alum.mit.edu>

Implement vsnprintf instead of vsprintf to avoid the possibility of a
buffer overflow.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
---
 .../firmware/efi/libstub/efi-stub-helper.c    |  6 ++-
 drivers/firmware/efi/libstub/vsprintf.c       | 42 +++++++++++--------
 2 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 56b3b84fd3bd..5ecafc57619a 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -60,10 +60,14 @@ int efi_printk(const char *fmt, ...)
 	int printed;
 
 	va_start(args, fmt);
-	printed = vsprintf(printf_buf, fmt, args);
+	printed = vsnprintf(printf_buf, sizeof(printf_buf), fmt, args);
 	va_end(args);
 
 	efi_puts(printf_buf);
+	if (printed >= sizeof(printf_buf)) {
+		efi_puts("[Message truncated]\n");
+		return -1;
+	}
 
 	return printed;
 }
diff --git a/drivers/firmware/efi/libstub/vsprintf.c b/drivers/firmware/efi/libstub/vsprintf.c
index 7dcbc04498e7..36f2f4cf7434 100644
--- a/drivers/firmware/efi/libstub/vsprintf.c
+++ b/drivers/firmware/efi/libstub/vsprintf.c
@@ -17,6 +17,7 @@
 #include <linux/kernel.h>
 #include <linux/limits.h>
 #include <linux/string.h>
+#include <linux/types.h>
 
 static
 int skip_atoi(const char **s)
@@ -237,16 +238,22 @@ char get_sign(long long *num, int flags)
 	return 0;
 }
 
-int vsprintf(char *buf, const char *fmt, va_list ap)
+#define PUTC(c) \
+do {				\
+	if (pos < size)		\
+		buf[pos] = (c);	\
+	++pos;			\
+} while (0);
+
+int vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
 {
 	/* The maximum space required is to print a 64-bit number in octal */
 	char tmp[(sizeof(unsigned long long) * 8 + 2) / 3];
 	char *tmp_end = &tmp[ARRAY_SIZE(tmp)];
 	long long num;
 	int base;
-	char *str;
 	const char *s;
-	int len;
+	size_t len, pos;
 	char sign;
 
 	int flags;		/* flags to number() */
@@ -274,9 +281,9 @@ int vsprintf(char *buf, const char *fmt, va_list ap)
 	 */
 	va_copy(args, ap);
 
-	for (str = buf; *fmt; ++fmt) {
+	for (pos = 0; *fmt; ++fmt) {
 		if (*fmt != '%' || *++fmt == '%') {
-			*str++ = *fmt;
+			PUTC(*fmt);
 			continue;
 		}
 
@@ -415,40 +422,41 @@ int vsprintf(char *buf, const char *fmt, va_list ap)
 		/* Leading padding with ' ' */
 		if (!(flags & LEFT))
 			while (field_width-- > 0)
-				*str++ = ' ';
+				PUTC(' ');
 		/* sign */
 		if (sign)
-			*str++ = sign;
+			PUTC(sign);
 		/* 0x/0X for hexadecimal */
 		if (flags & SPECIAL) {
-			*str++ = '0';
-			*str++ = 'X' | (flags & SMALL);
+			PUTC('0');
+			PUTC( 'X' | (flags & SMALL));
 		}
 		/* Zero padding and excess precision */
 		while (precision-- > len)
-			*str++ = '0';
+			PUTC('0');
 		/* Actual output */
 		while (len-- > 0)
-			*str++ = *s++;
+			PUTC(*s++);
 		/* Trailing padding with ' ' */
 		while (field_width-- > 0)
-			*str++ = ' ';
+			PUTC(' ');
 	}
 fail:
-	*str = '\0';
-
 	va_end(args);
 
-	return str - buf;
+	if (size)
+		buf[min(pos, size-1)] = '\0';
+
+	return pos;
 }
 
-int sprintf(char *buf, const char *fmt, ...)
+int snprintf(char *buf, size_t size, const char *fmt, ...)
 {
 	va_list args;
 	int i;
 
 	va_start(args, fmt);
-	i = vsprintf(buf, fmt, args);
+	i = vsnprintf(buf, size, fmt, args);
 	va_end(args);
 	return i;
 }
-- 
2.26.2

