import shim-unsigned-x64-15-8.el8

This commit is contained in:
CentOS Sources 2020-08-01 05:03:02 -04:00 committed by Andrew Lukoshko
parent 00a828377a
commit 90b875047d
2 changed files with 91 additions and 1 deletions

View File

@ -0,0 +1,77 @@
From 9313a515432ba938e66f2edc1e22d548fed1eb5c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Thu, 30 Jul 2020 14:34:22 -0400
Subject: [PATCH] hexdump.h: fix arithmetic error.
When I modified the hexdumper to help debug MokListRT mirroring not
working because of PcdMaxVolatileVariableSize being tiny, I
inadvertently added something that is effectively:
hexdump(..., char *buf, ..., int position)
{
unsigned long begin = (position % 16);
unsigned long i;
...
for (i = 0; i < begin; i++) {
...
}
...
}
Unfortunately, in c if 0x8 is set in position, that means begin is
0xfffffffffffff8, because signed integer math is horrifying:
include/hexdump.h:99:vhexdumpf() &data[offset]:0x9E77E6BC size-offset:0x14
include/hexdump.h:15:prepare_hex() position:0x9E77E6BC
include/hexdump.h:17:prepare_hex() before:0xFFFFFFFFFFFFFFFC size:0x14
include/hexdump.h:19:prepare_hex() before:0xFFFFFFFFFFFFFFFC after:0x0
include/hexdump.h:21:prepare_hex() buf:0x000000009E77E2BC offset:0 &buf[offset]:0x000000009E77E2BC
Woops.
This could further have been prevented in /some/ cases by simply not
preparing the hexdump buffer when "verbose" is disabled.
This patch makes "pos" be unsigned in all cases, and also checks for
verbose in vhexdumpf() and simply returns if it is 0.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
include/hexdump.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/hexdump.h b/include/hexdump.h
index f3f3ac284a3..b2968cd4f85 100644
--- a/include/hexdump.h
+++ b/include/hexdump.h
@@ -4,7 +4,7 @@
#include <stdint.h>
static inline unsigned long UNUSED
-prepare_hex(const void *data, size_t size, char *buf, int position)
+prepare_hex(const void *data, size_t size, char *buf, unsigned int position)
{
char hexchars[] = "0123456789abcdef";
int offset = 0;
@@ -48,7 +48,7 @@ prepare_hex(const void *data, size_t size, char *buf, int position)
#define isprint(c) ((c) >= 0x20 && (c) <= 0x7e)
static inline void UNUSED
-prepare_text(const void *data, size_t size, char *buf, int position)
+prepare_text(const void *data, size_t size, char *buf, unsigned int position)
{
int offset = 0;
unsigned long i;
@@ -84,6 +84,9 @@ vhexdumpf(const char *file, int line, const char *func, const CHAR16 * const fmt
unsigned long display_offset = at;
unsigned long offset = 0;
+ if (verbose == 0)
+ return;
+
while (offset < size) {
char hexbuf[49];
char txtbuf[19];
--
2.26.2

View File

@ -18,7 +18,7 @@
Name: shim-unsigned-%{efiarch}
Version: 15
Release: 7%{?dist}
Release: 8.el8
Summary: First-stage UEFI bootloader
ExclusiveArch: x86_64
License: BSD
@ -93,6 +93,7 @@ Patch0059: 0059-Make-openssl-accept-the-right-set-of-KU-EKUs.patch
Patch0060: 0060-Improve-debug-output-some.patch
Patch0061: 0061-Also-use-a-config-table-to-mirror-mok-variables.patch
Patch0062: 0062-Implement-lennysz-s-suggestions-for-MokListRT.patch
Patch0063: 0063-hexdump.h-fix-arithmetic-error.patch
BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl
@ -230,6 +231,18 @@ cd ..
%files debugsource -f build-%{efiarch}/debugsource.list
%changelog
* Thu Jul 30 2020 Peter Jones <pjones@redhat.com> - 15-8
- Fix a load-address-dependent forever loop.
Resolves: rhbz#1861977
Related: CVE-2020-10713
Related: CVE-2020-14308
Related: CVE-2020-14309
Related: CVE-2020-14310
Related: CVE-2020-14311
Related: CVE-2020-15705
Related: CVE-2020-15706
Related: CVE-2020-15707
* Sat Jul 25 2020 Peter Jones <pjones@redhat.com> - 15-7
- Implement Lenny's workaround
Related: CVE-2020-10713