
Bug#922680: marked as done (efivar: Debug code is buggy and may corrupt the stack, causing segfaults)



Your message dated Fri, 01 Mar 2019 18:50:25 +0000
with message-id <E1gznEn-000GFg-K6@fasolo.debian.org>
and subject line Bug#922680: fixed in efivar 37-2
has caused the Debian Bug report #922680,
regarding efivar: Debug code is buggy and may corrupt the stack, causing segfaults
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
922680: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922680
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: efivar
Version: 37
Severity: important

Dear Maintainer,

the efivar source package contains buggy diagnostics printing code, which may
corrupt the stack and cause crashes.

The culprit is the arrow() macro defined in src/util.h, which pokes a couple of
^ characters into a buffer consisting of spaces, in order to point out the
interesting parts of an output string appearing on the previous line. The
string indexing done by the macro may result in ^ or space characters being
written outside of the allocated buffer, and since the buffer is typically
allocated on the stack, this may corrupt control flow as well as other data.

I have reported the issue here: https://github.com/rhboot/efivar/issues/124

Since we can drop this feature without any loss of functionality, the patch
below is my proposed solution for the time being, while the issue gets
addressed upstream.

--- src/util.h.orig     2019-02-19 12:05:56.620746098 +0100
+++ src/util.h  2019-02-19 12:06:06.265005068 +0100
@@ -379,7 +379,7 @@
 #undef log
 #endif
 #define log(level, fmt, args...) log_(__FILE__, __LINE__, __func__, level,
fmt, ## args)
-#define arrow(l,b,o,p,n,m) ({if(n==m){char c_=b[p+1]; b[o]='^';
b[p+o]='^';b[p+o+1]='\0';log(l,"%s",b);b[o]=' ';b[p+o]=' ';b[p+o+1]=c_;}})
+#define arrow(l,b,o,p,n,m)
 #define debug(fmt, args...) log(LOG_DEBUG, fmt, ## args)

 #endif /* EFIVAR_UTIL_H */
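
Review bot: the empty definition on the added line would be safer as ((void)0) or do { } while (0) than as nothing at all. The removed macro was a statement expression, so existing call sites are written as statements; with an empty expansion, an arrow(...) used as the unbraced body of an if becomes an empty body and can trigger compiler warnings. Values that call sites compute only to pass to arrow() also become unused, so the package should be rebuilt with warnings enabled. On the removed line itself, two points are worth recording in the patch description for the upstream fix: the body writes b[o], b[p+o] and b[p+o+1] with no check against the size of b, and it saves b[p+1] in c_ but restores that value to b[p+o+1], so the buffer is not restored correctly whenever o is non-zero, even for in-range indices.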






-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 4.20.10+ (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
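
The indexing problem described in the report above, as an added example that is not code from efivar or from the reporter: a bounds-checked form of the same "draw two carets in a padding buffer" operation. The names arrow_last_index and arrow_checked, the separate output buffer, and the 16-byte sample sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Highest index the original arrow() macro writes to: b[p+o+1]. */
static size_t arrow_last_index(size_t o, size_t p)
{
    return o + p + 1;
}

/*
 * Bounds-checked variant (hypothetical helper, not efivar's API).
 * buf holds bufsz bytes of spaces; carets go at o and o+p, the rendered
 * line is copied to out, and buf is restored before returning.
 * Returns 0 on success, -1 if any write would land outside buf or out.
 */
static int arrow_checked(char *buf, size_t bufsz, size_t o, size_t p,
                         char *out, size_t outsz)
{
    /* Reject wrapping sums and out-of-range indices before any write. */
    if (o >= bufsz || p >= bufsz - o || o + p + 1 >= bufsz)
        return -1;
    size_t end = o + p + 1;
    if (end + 1 > outsz)
        return -1;
    char saved = buf[end];   /* save the same byte that gets overwritten */
    buf[o] = '^';
    buf[o + p] = '^';
    buf[end] = '\0';
    memcpy(out, buf, end + 1);
    buf[o] = ' ';
    buf[o + p] = ' ';
    buf[end] = saved;
    return 0;
}

int main(void)
{
    char pad[16], line[16];              /* constructed sample buffers */
    memset(pad, ' ', sizeof(pad));
    if (arrow_checked(pad, sizeof(pad), 2, 5, line, sizeof(line)) == 0)
        printf("[%s]\n", line);
    /* Constructed out-of-range case: last index equals the buffer size. */
    printf("last index %zu, result %d\n", arrow_last_index(10, 5),
           arrow_checked(pad, sizeof(pad), 10, 5, line, sizeof(line)));
    return 0;
}
```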
--- Begin Message ---
Source: efivar
Source-Version: 37-2

We believe that the bug you reported is fixed in the latest version of
efivar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 922680@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93sam@debian.org> (supplier of updated efivar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Mar 2019 17:55:07 +0000
Source: efivar
Architecture: source
Version: 37-2
Distribution: unstable
Urgency: medium
Maintainer: Debian UEFI Maintainers <debian-efi@lists.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Closes: 922680
Changes:
 efivar (37-2) unstable; urgency=medium
 .
   * Cherry-pick fix from upstream:
     + Get rid of the arrows in our debug messages. (Closes: #922680)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
