--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: efivar: Debug code is buggy and may corrupt the stack, causing segfaults
- From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
- Date: Tue, 19 Feb 2019 12:13:58 +0100
- Message-id: <155057483807.29343.16236244073909599539.reportbug@harold>
Source: efivar
Version: 37
Severity: important
Dear Maintainer,
the efivar source package contains buggy diagnostics printing code, which may
corrupt the stack and cause crashes.
The culprit is the arrow() macro defined in src/util.h, which pokes a couple of
^ characters into a buffer consisting of spaces, in order to point out the
interesting parts of an output string appearing on the previous line. The
string indexing done by the macro may result in ^ or space characters being
written outside of the allocated buffer, and since the buffer is typically
allocated on the stack, this may corrupt control flow as well as other data.
I have reported the issue here: https://github.com/rhboot/efivar/issues/124
Since we can drop this feature without any loss of functionality, the patch
below is my proposed solution for the time being, while the issue gets
addressed upstream.
--- src/util.h.orig 2019-02-19 12:05:56.620746098 +0100
+++ src/util.h 2019-02-19 12:06:06.265005068 +0100
@@ -379,7 +379,7 @@
#undef log
#endif
#define log(level, fmt, args...) log_(__FILE__, __LINE__, __func__, level,
fmt, ## args)
-#define arrow(l,b,o,p,n,m) ({if(n==m){char c_=b[p+1]; b[o]='^';
b[p+o]='^';b[p+o+1]='\0';log(l,"%s",b);b[o]=' ';b[p+o]=' ';b[p+o+1]=c_;}})
+#define arrow(l,b,o,p,n,m)
#define debug(fmt, args...) log(LOG_DEBUG, fmt, ## args)
#endif /* EFIVAR_UTIL_H */
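Review bot: the new "#define arrow(l,b,o,p,n,m)" expands to nothing, so every call site collapses to a bare ";" and none of its six arguments are referenced any more; where arrow() is the only statement under an if, or the only user of a local, that can produce empty-body or unused-variable warnings. Defining it as "do { } while (0)" or "((void)0)" keeps each call a well-formed statement. A comment above the define pointing at the upstream issue would also help: the removed body wrote to b[o], b[p+o] and b[p+o+1] with no check against the buffer length, and it saved b[p+1] but restored that byte to b[p+o+1].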
-- System Information:
Debian Release: 9.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf
Kernel: Linux 4.20.10+ (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
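The out-of-bounds write described in the report above comes from indexing b[o], b[p+o] and b[p+o+1] without knowing the buffer size. The following is an added example, not code from efivar or from this report: a bounds-checked form of the same marker logic. The function name draw_arrow, its parameters, the out buffer (used in place of log()) and the 16-byte sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical checked form of the marker logic in arrow(): put '^' at
 * columns off and off+pos of a space-filled scratch buffer, copy the
 * result to out, then restore the buffer. The macro indexes b[o], b[p+o]
 * and b[p+o+1] without knowing the buffer size; here the highest index,
 * off+pos+1, must be below size or nothing is written.
 */
int draw_arrow(char *buf, size_t size, size_t off, size_t pos,
               char *out, size_t outsz)
{
    /* Compare by subtraction so off + pos + 1 cannot wrap around. */
    if (size < 2 || off > size - 2 || pos > size - 2 - off)
        return -1;

    size_t last = off + pos;        /* column of the second marker */
    char saved = buf[last + 1];     /* byte the terminator replaces */

    buf[off] = '^';
    buf[last] = '^';
    buf[last + 1] = '\0';
    snprintf(out, outsz, "%s", buf);

    /* Restore the same three positions that were modified. */
    buf[off] = ' ';
    buf[last] = ' ';
    buf[last + 1] = saved;
    return 0;
}

int main(void)
{
    char buf[16], out[32];          /* constructed sample buffer */

    memset(buf, ' ', sizeof(buf));
    if (draw_arrow(buf, sizeof(buf), 2, 3, out, sizeof(out)) == 0)
        printf("[%s]\n", out);
    if (draw_arrow(buf, sizeof(buf), 10, 5, out, sizeof(out)) < 0)
        printf("rejected: index 16 is outside a 16-byte buffer\n");
    return 0;
}
```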
--- Begin Message ---
Source: efivar
Source-Version: 37-2
We believe that the bug you reported is fixed in the latest version of
efivar, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 922680@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve McIntyre <93sam@debian.org> (supplier of updated efivar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Mar 2019 17:55:07 +0000
Source: efivar
Architecture: source
Version: 37-2
Distribution: unstable
Urgency: medium
Maintainer: Debian UEFI Maintainers <debian-efi@lists.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Closes: 922680
Changes:
efivar (37-2) unstable; urgency=medium
.
* Cherry-pick fix from upstream:
+ Get rid of the arrows in our debug messages. (Closes: #922680)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---