
Bug#922680: efivar: Debug code is buggy and may corrupt the stack, causing segfaults



Source: efivar
Version: 37
Severity: important

Dear Maintainer,

the efivar source package contains buggy diagnostics printing code, which may
corrupt the stack and cause crashes.

The culprit is the arrow() macro defined in src/util.h, which pokes a couple of
^ characters into a buffer consisting of spaces, in order to point out the
interesting parts of an output string appearing on the previous line. The
string indexing done by the macro may result in ^ or space characters being
written outside of the allocated buffer, and since the buffer is typically
allocated on the stack, this may corrupt control flow as well as other data.

I have reported the issue here: https://github.com/rhboot/efivar/issues/124

Since we can drop this feature without any loss of functionality, the patch
below is my proposed solution for the time being, while the issue gets
addressed upstream.

--- src/util.h.orig     2019-02-19 12:05:56.620746098 +0100
+++ src/util.h  2019-02-19 12:06:06.265005068 +0100
@@ -379,7 +379,7 @@
 #undef log
 #endif
 #define log(level, fmt, args...) log_(__FILE__, __LINE__, __func__, level,
fmt, ## args)
-#define arrow(l,b,o,p,n,m) ({if(n==m){char c_=b[p+1]; b[o]='^';
b[p+o]='^';b[p+o+1]='\0';log(l,"%s",b);b[o]=' ';b[p+o]=' ';b[p+o+1]=c_;}})
+#define arrow(l,b,o,p,n,m)
 #define debug(fmt, args...) log(LOG_DEBUG, fmt, ## args)

 #endif /* EFIVAR_UTIL_H */
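Review bot: the `+` line empties the macro body, which silences the diagnostic instead of bounding it; the removed body writes `b[o]`, `b[p+o]` and `b[p+o+1]` and reads `b[p+1]` with no comparison against the buffer's size, so a fix that keeps the feature would check `p+o+1` against the buffer length before the first write. The removed body also saves `b[p+1]` but restores `b[p+o+1]`, so any bounded rewrite should use one index for both. If the macro is to stay empty, prefer `#define arrow(l,b,o,p,n,m) ((void)0)` over a bare empty expansion so it remains a valid expression wherever the old `({ ... })` statement expression was used; note too that the long `#define` lines are wrapped in this message, so the patch will need the unwrapped original to apply.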






-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 4.20.10+ (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

