Fix buffer overflow in grub_efi_print_device_path.

Vladimir Serbinenko 2013-12-24 19:04:46 +01:00
parent 4d6c69536e
commit 09c479006c
2 changed files with 137 additions and 132 deletions


@ -1,3 +1,7 @@
2013-12-24 Vladimir Serbinenko <phcoder@gmail.com>
Fix buffer overflow in grub_efi_print_device_path.
2013-12-24 Vladimir Serbinenko <phcoder@gmail.com>
Show SATA device path.


@ -447,28 +447,28 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
{
case GRUB_EFI_PCI_DEVICE_PATH_SUBTYPE:
{
grub_efi_pci_device_path_t pci;
grub_memcpy (&pci, dp, len);
grub_efi_pci_device_path_t *pci
= (grub_efi_pci_device_path_t *) dp;
grub_printf ("/PCI(%x,%x)",
(unsigned) pci.function, (unsigned) pci.device);
(unsigned) pci->function, (unsigned) pci->device);
}
break;
case GRUB_EFI_PCCARD_DEVICE_PATH_SUBTYPE:
{
grub_efi_pccard_device_path_t pccard;
grub_memcpy (&pccard, dp, len);
grub_efi_pccard_device_path_t *pccard
= (grub_efi_pccard_device_path_t *) dp;
grub_printf ("/PCCARD(%x)",
(unsigned) pccard.function);
(unsigned) pccard->function);
}
break;
case GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE:
{
grub_efi_memory_mapped_device_path_t mmapped;
grub_memcpy (&mmapped, dp, len);
grub_efi_memory_mapped_device_path_t *mmapped
= (grub_efi_memory_mapped_device_path_t *) dp;
grub_printf ("/MMap(%x,%llx,%llx)",
(unsigned) mmapped.memory_type,
(unsigned long long) mmapped.start_address,
(unsigned long long) mmapped.end_address);
(unsigned) mmapped->memory_type,
(unsigned long long) mmapped->start_address,
(unsigned long long) mmapped->end_address);
}
break;
case GRUB_EFI_VENDOR_DEVICE_PATH_SUBTYPE:
@ -477,10 +477,10 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
break;
case GRUB_EFI_CONTROLLER_DEVICE_PATH_SUBTYPE:
{
grub_efi_controller_device_path_t controller;
grub_memcpy (&controller, dp, len);
grub_efi_controller_device_path_t *controller
= (grub_efi_controller_device_path_t *) dp;
grub_printf ("/Ctrl(%x)",
(unsigned) controller.controller_number);
(unsigned) controller->controller_number);
}
break;
default:
@ -494,31 +494,31 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
{
case GRUB_EFI_ACPI_DEVICE_PATH_SUBTYPE:
{
grub_efi_acpi_device_path_t acpi;
grub_memcpy (&acpi, dp, len);
grub_efi_acpi_device_path_t *acpi
= (grub_efi_acpi_device_path_t *) dp;
grub_printf ("/ACPI(%x,%x)",
(unsigned) acpi.hid,
(unsigned) acpi.uid);
(unsigned) acpi->hid,
(unsigned) acpi->uid);
}
break;
case GRUB_EFI_EXPANDED_ACPI_DEVICE_PATH_SUBTYPE:
{
grub_efi_expanded_acpi_device_path_t eacpi;
grub_memcpy (&eacpi, dp, sizeof (eacpi));
grub_efi_expanded_acpi_device_path_t *eacpi
= (grub_efi_expanded_acpi_device_path_t *) dp;
grub_printf ("/ACPI(");
if (GRUB_EFI_EXPANDED_ACPI_HIDSTR (dp)[0] == '\0')
grub_printf ("%x,", (unsigned) eacpi.hid);
grub_printf ("%x,", (unsigned) eacpi->hid);
else
grub_printf ("%s,", GRUB_EFI_EXPANDED_ACPI_HIDSTR (dp));
if (GRUB_EFI_EXPANDED_ACPI_UIDSTR (dp)[0] == '\0')
grub_printf ("%x,", (unsigned) eacpi.uid);
grub_printf ("%x,", (unsigned) eacpi->uid);
else
grub_printf ("%s,", GRUB_EFI_EXPANDED_ACPI_UIDSTR (dp));
if (GRUB_EFI_EXPANDED_ACPI_CIDSTR (dp)[0] == '\0')
grub_printf ("%x)", (unsigned) eacpi.cid);
grub_printf ("%x)", (unsigned) eacpi->cid);
else
grub_printf ("%s)", GRUB_EFI_EXPANDED_ACPI_CIDSTR (dp));
}
@ -534,147 +534,148 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
{
case GRUB_EFI_ATAPI_DEVICE_PATH_SUBTYPE:
{
grub_efi_atapi_device_path_t atapi;
grub_memcpy (&atapi, dp, len);
grub_efi_atapi_device_path_t *atapi
= (grub_efi_atapi_device_path_t *) dp;
grub_printf ("/ATAPI(%x,%x,%x)",
(unsigned) atapi.primary_secondary,
(unsigned) atapi.slave_master,
(unsigned) atapi.lun);
(unsigned) atapi->primary_secondary,
(unsigned) atapi->slave_master,
(unsigned) atapi->lun);
}
break;
case GRUB_EFI_SCSI_DEVICE_PATH_SUBTYPE:
{
grub_efi_scsi_device_path_t scsi;
grub_memcpy (&scsi, dp, len);
grub_efi_scsi_device_path_t *scsi
= (grub_efi_scsi_device_path_t *) dp;
grub_printf ("/SCSI(%x,%x)",
(unsigned) scsi.pun,
(unsigned) scsi.lun);
(unsigned) scsi->pun,
(unsigned) scsi->lun);
}
break;
case GRUB_EFI_FIBRE_CHANNEL_DEVICE_PATH_SUBTYPE:
{
grub_efi_fibre_channel_device_path_t fc;
grub_memcpy (&fc, dp, len);
grub_efi_fibre_channel_device_path_t *fc
= (grub_efi_fibre_channel_device_path_t *) dp;
grub_printf ("/FibreChannel(%llx,%llx)",
(unsigned long long) fc.wwn,
(unsigned long long) fc.lun);
(unsigned long long) fc->wwn,
(unsigned long long) fc->lun);
}
break;
case GRUB_EFI_1394_DEVICE_PATH_SUBTYPE:
{
grub_efi_1394_device_path_t firewire;
grub_memcpy (&firewire, dp, len);
grub_printf ("/1394(%llx)", (unsigned long long) firewire.guid);
grub_efi_1394_device_path_t *firewire
= (grub_efi_1394_device_path_t *) dp;
grub_printf ("/1394(%llx)",
(unsigned long long) firewire->guid);
}
break;
case GRUB_EFI_USB_DEVICE_PATH_SUBTYPE:
{
grub_efi_usb_device_path_t usb;
grub_memcpy (&usb, dp, len);
grub_efi_usb_device_path_t *usb
= (grub_efi_usb_device_path_t *) dp;
grub_printf ("/USB(%x,%x)",
(unsigned) usb.parent_port_number,
(unsigned) usb.usb_interface);
(unsigned) usb->parent_port_number,
(unsigned) usb->usb_interface);
}
break;
case GRUB_EFI_USB_CLASS_DEVICE_PATH_SUBTYPE:
{
grub_efi_usb_class_device_path_t usb_class;
grub_memcpy (&usb_class, dp, len);
grub_efi_usb_class_device_path_t *usb_class
= (grub_efi_usb_class_device_path_t *) dp;
grub_printf ("/USBClass(%x,%x,%x,%x,%x)",
(unsigned) usb_class.vendor_id,
(unsigned) usb_class.product_id,
(unsigned) usb_class.device_class,
(unsigned) usb_class.device_subclass,
(unsigned) usb_class.device_protocol);
(unsigned) usb_class->vendor_id,
(unsigned) usb_class->product_id,
(unsigned) usb_class->device_class,
(unsigned) usb_class->device_subclass,
(unsigned) usb_class->device_protocol);
}
break;
case GRUB_EFI_I2O_DEVICE_PATH_SUBTYPE:
{
grub_efi_i2o_device_path_t i2o;
grub_memcpy (&i2o, dp, len);
grub_printf ("/I2O(%x)", (unsigned) i2o.tid);
grub_efi_i2o_device_path_t *i2o
= (grub_efi_i2o_device_path_t *) dp;
grub_printf ("/I2O(%x)", (unsigned) i2o->tid);
}
break;
case GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE:
{
grub_efi_mac_address_device_path_t mac;
grub_memcpy (&mac, dp, len);
grub_efi_mac_address_device_path_t *mac
= (grub_efi_mac_address_device_path_t *) dp;
grub_printf ("/MacAddr(%02x:%02x:%02x:%02x:%02x:%02x,%x)",
(unsigned) mac.mac_address[0],
(unsigned) mac.mac_address[1],
(unsigned) mac.mac_address[2],
(unsigned) mac.mac_address[3],
(unsigned) mac.mac_address[4],
(unsigned) mac.mac_address[5],
(unsigned) mac.if_type);
(unsigned) mac->mac_address[0],
(unsigned) mac->mac_address[1],
(unsigned) mac->mac_address[2],
(unsigned) mac->mac_address[3],
(unsigned) mac->mac_address[4],
(unsigned) mac->mac_address[5],
(unsigned) mac->if_type);
}
break;
case GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE:
{
grub_efi_ipv4_device_path_t ipv4;
grub_memcpy (&ipv4, dp, len);
grub_efi_ipv4_device_path_t *ipv4
= (grub_efi_ipv4_device_path_t *) dp;
grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x)",
(unsigned) ipv4.local_ip_address[0],
(unsigned) ipv4.local_ip_address[1],
(unsigned) ipv4.local_ip_address[2],
(unsigned) ipv4.local_ip_address[3],
(unsigned) ipv4.remote_ip_address[0],
(unsigned) ipv4.remote_ip_address[1],
(unsigned) ipv4.remote_ip_address[2],
(unsigned) ipv4.remote_ip_address[3],
(unsigned) ipv4.local_port,
(unsigned) ipv4.remote_port,
(unsigned) ipv4.protocol,
(unsigned) ipv4.static_ip_address);
(unsigned) ipv4->local_ip_address[0],
(unsigned) ipv4->local_ip_address[1],
(unsigned) ipv4->local_ip_address[2],
(unsigned) ipv4->local_ip_address[3],
(unsigned) ipv4->remote_ip_address[0],
(unsigned) ipv4->remote_ip_address[1],
(unsigned) ipv4->remote_ip_address[2],
(unsigned) ipv4->remote_ip_address[3],
(unsigned) ipv4->local_port,
(unsigned) ipv4->remote_port,
(unsigned) ipv4->protocol,
(unsigned) ipv4->static_ip_address);
}
break;
case GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE:
{
grub_efi_ipv6_device_path_t ipv6;
grub_memcpy (&ipv6, dp, len);
grub_efi_ipv6_device_path_t *ipv6
= (grub_efi_ipv6_device_path_t *) dp;
grub_printf ("/IPv6(%x:%x:%x:%x:%x:%x:%x:%x,%x:%x:%x:%x:%x:%x:%x:%x,%u,%u,%x,%x)",
(unsigned) ipv6.local_ip_address[0],
(unsigned) ipv6.local_ip_address[1],
(unsigned) ipv6.local_ip_address[2],
(unsigned) ipv6.local_ip_address[3],
(unsigned) ipv6.local_ip_address[4],
(unsigned) ipv6.local_ip_address[5],
(unsigned) ipv6.local_ip_address[6],
(unsigned) ipv6.local_ip_address[7],
(unsigned) ipv6.remote_ip_address[0],
(unsigned) ipv6.remote_ip_address[1],
(unsigned) ipv6.remote_ip_address[2],
(unsigned) ipv6.remote_ip_address[3],
(unsigned) ipv6.remote_ip_address[4],
(unsigned) ipv6.remote_ip_address[5],
(unsigned) ipv6.remote_ip_address[6],
(unsigned) ipv6.remote_ip_address[7],
(unsigned) ipv6.local_port,
(unsigned) ipv6.remote_port,
(unsigned) ipv6.protocol,
(unsigned) ipv6.static_ip_address);
(unsigned) ipv6->local_ip_address[0],
(unsigned) ipv6->local_ip_address[1],
(unsigned) ipv6->local_ip_address[2],
(unsigned) ipv6->local_ip_address[3],
(unsigned) ipv6->local_ip_address[4],
(unsigned) ipv6->local_ip_address[5],
(unsigned) ipv6->local_ip_address[6],
(unsigned) ipv6->local_ip_address[7],
(unsigned) ipv6->remote_ip_address[0],
(unsigned) ipv6->remote_ip_address[1],
(unsigned) ipv6->remote_ip_address[2],
(unsigned) ipv6->remote_ip_address[3],
(unsigned) ipv6->remote_ip_address[4],
(unsigned) ipv6->remote_ip_address[5],
(unsigned) ipv6->remote_ip_address[6],
(unsigned) ipv6->remote_ip_address[7],
(unsigned) ipv6->local_port,
(unsigned) ipv6->remote_port,
(unsigned) ipv6->protocol,
(unsigned) ipv6->static_ip_address);
}
break;
case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE:
{
grub_efi_infiniband_device_path_t ib;
grub_memcpy (&ib, dp, len);
grub_efi_infiniband_device_path_t *ib
= (grub_efi_infiniband_device_path_t *) dp;
grub_printf ("/InfiniBand(%x,%llx,%llx,%llx)",
(unsigned) ib.port_gid[0], /* XXX */
(unsigned long long) ib.remote_id,
(unsigned long long) ib.target_port_id,
(unsigned long long) ib.device_id);
(unsigned) ib->port_gid[0], /* XXX */
(unsigned long long) ib->remote_id,
(unsigned long long) ib->target_port_id,
(unsigned long long) ib->device_id);
}
break;
case GRUB_EFI_UART_DEVICE_PATH_SUBTYPE:
{
grub_efi_uart_device_path_t uart;
grub_memcpy (&uart, dp, len);
grub_efi_uart_device_path_t *uart
= (grub_efi_uart_device_path_t *) dp;
grub_printf ("/UART(%llu,%u,%x,%x)",
(unsigned long long) uart.baud_rate,
uart.data_bits,
uart.parity,
uart.stop_bits);
(unsigned long long) uart->baud_rate,
uart->data_bits,
uart->parity,
uart->stop_bits);
}
break;
case GRUB_EFI_SATA_DEVICE_PATH_SUBTYPE:
@ -722,12 +723,12 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
break;
case GRUB_EFI_CDROM_DEVICE_PATH_SUBTYPE:
{
grub_efi_cdrom_device_path_t cd;
grub_memcpy (&cd, dp, len);
grub_efi_cdrom_device_path_t *cd
= (grub_efi_cdrom_device_path_t *) dp;
grub_printf ("/CD(%u,%llx,%llx)",
cd.boot_entry,
(unsigned long long) cd.partition_start,
(unsigned long long) cd.partition_size);
cd->boot_entry,
(unsigned long long) cd->partition_start,
(unsigned long long) cd->partition_size);
}
break;
case GRUB_EFI_VENDOR_MEDIA_DEVICE_PATH_SUBTYPE:
@ -752,20 +753,20 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
break;
case GRUB_EFI_PROTOCOL_DEVICE_PATH_SUBTYPE:
{
grub_efi_protocol_device_path_t proto;
grub_memcpy (&proto, dp, sizeof (proto));
grub_efi_protocol_device_path_t *proto
= (grub_efi_protocol_device_path_t *) dp;
grub_printf ("/Protocol(%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)",
(unsigned) proto.guid.data1,
(unsigned) proto.guid.data2,
(unsigned) proto.guid.data3,
(unsigned) proto.guid.data4[0],
(unsigned) proto.guid.data4[1],
(unsigned) proto.guid.data4[2],
(unsigned) proto.guid.data4[3],
(unsigned) proto.guid.data4[4],
(unsigned) proto.guid.data4[5],
(unsigned) proto.guid.data4[6],
(unsigned) proto.guid.data4[7]);
(unsigned) proto->guid.data1,
(unsigned) proto->guid.data2,
(unsigned) proto->guid.data3,
(unsigned) proto->guid.data4[0],
(unsigned) proto->guid.data4[1],
(unsigned) proto->guid.data4[2],
(unsigned) proto->guid.data4[3],
(unsigned) proto->guid.data4[4],
(unsigned) proto->guid.data4[5],
(unsigned) proto->guid.data4[6],
(unsigned) proto->guid.data4[7]);
}
break;
default:
@ -779,11 +780,11 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp)
{
case GRUB_EFI_BIOS_DEVICE_PATH_SUBTYPE:
{
grub_efi_bios_device_path_t bios;
grub_memcpy (&bios, dp, sizeof (bios));
grub_efi_bios_device_path_t *bios
= (grub_efi_bios_device_path_t *) dp;
grub_printf ("/BIOS(%x,%x,%s)",
(unsigned) bios.device_type,
(unsigned) bios.status_flags,
(unsigned) bios->device_type,
(unsigned) bios->status_flags,
(char *) (dp + 1));
}
break;
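Review bot: None of the rewritten cases checks that the node is at least as long as the structure it is cast to, so a node whose declared length is shorter than, for example, `grub_efi_ipv6_device_path_t` is read past its end when the fields are printed. The old `grub_memcpy (&pci, dp, len)` overflowed the stack copy when `len` was larger than the struct; the cast removes that write but leaves the short-node read, and this applies to every case in this section from PCI through BIOS. Assuming `len` is still in scope on the new side, a guard such as `if (len < sizeof (*pci)) break;` ahead of each `grub_printf` would bound the access. The `%s` arguments in the expanded-ACPI and BIOS cases (e.g. `(char *) (dp + 1)`) also depend on a NUL terminator lying inside the node, which nothing visible in these hunks verifies. The body of grub_efi_print_device_path starts and ends outside the hunks shown, so an existing length check elsewhere in the function cannot be ruled out from here.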