diff --git a/ChangeLog b/ChangeLog index a87d02d80..879df52c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2013-12-24 Vladimir Serbinenko + + Fix buffer overflow in grub_efi_print_device_path. + 2013-12-24 Vladimir Serbinenko Show SATA device path. diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c index 59d645e4c..b253141f2 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -447,28 +447,28 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) { case GRUB_EFI_PCI_DEVICE_PATH_SUBTYPE: { - grub_efi_pci_device_path_t pci; - grub_memcpy (&pci, dp, len); + grub_efi_pci_device_path_t *pci + = (grub_efi_pci_device_path_t *) dp; grub_printf ("/PCI(%x,%x)", - (unsigned) pci.function, (unsigned) pci.device); + (unsigned) pci->function, (unsigned) pci->device); } break; case GRUB_EFI_PCCARD_DEVICE_PATH_SUBTYPE: { - grub_efi_pccard_device_path_t pccard; - grub_memcpy (&pccard, dp, len); + grub_efi_pccard_device_path_t *pccard + = (grub_efi_pccard_device_path_t *) dp; grub_printf ("/PCCARD(%x)", - (unsigned) pccard.function); + (unsigned) pccard->function); } break; case GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE: { - grub_efi_memory_mapped_device_path_t mmapped; - grub_memcpy (&mmapped, dp, len); + grub_efi_memory_mapped_device_path_t *mmapped + = (grub_efi_memory_mapped_device_path_t *) dp; grub_printf ("/MMap(%x,%llx,%llx)", - (unsigned) mmapped.memory_type, - (unsigned long long) mmapped.start_address, - (unsigned long long) mmapped.end_address); + (unsigned) mmapped->memory_type, + (unsigned long long) mmapped->start_address, + (unsigned long long) mmapped->end_address); } break; case GRUB_EFI_VENDOR_DEVICE_PATH_SUBTYPE: 
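Review bot: None of the new casts in `grub-core/kern/efi/efi.c` checks that the node is at least as large as the structure it is read as, so a node whose length field is smaller than `sizeof (*pci)` is read past its end. The commit removes the oversized copy into the stack local but leaves this short-node case open. A guard before each field access, e.g. `if (len < sizeof (*pci)) break;`, would close it, assuming `len` (used by the removed `grub_memcpy` calls) is still derived from the node header above this hunk. The same applies to the PCCARD and MMap cases here and to every cast in the hunks at -477, -494, -534, -722, -752 and -779. The switch and the function body begin and end outside the hunk.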
@@ -477,10 +477,10 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) break; case GRUB_EFI_CONTROLLER_DEVICE_PATH_SUBTYPE: { - grub_efi_controller_device_path_t controller; - grub_memcpy (&controller, dp, len); + grub_efi_controller_device_path_t *controller + = (grub_efi_controller_device_path_t *) dp; grub_printf ("/Ctrl(%x)", - (unsigned) controller.controller_number); + (unsigned) controller->controller_number); } break; default: @@ -494,31 +494,31 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) { case GRUB_EFI_ACPI_DEVICE_PATH_SUBTYPE: { - grub_efi_acpi_device_path_t acpi; - grub_memcpy (&acpi, dp, len); + grub_efi_acpi_device_path_t *acpi + = (grub_efi_acpi_device_path_t *) dp; grub_printf ("/ACPI(%x,%x)", - (unsigned) acpi.hid, - (unsigned) acpi.uid); + (unsigned) acpi->hid, + (unsigned) acpi->uid); } break; case GRUB_EFI_EXPANDED_ACPI_DEVICE_PATH_SUBTYPE: { - grub_efi_expanded_acpi_device_path_t eacpi; - grub_memcpy (&eacpi, dp, sizeof (eacpi)); + grub_efi_expanded_acpi_device_path_t *eacpi + = (grub_efi_expanded_acpi_device_path_t *) dp; grub_printf ("/ACPI("); if (GRUB_EFI_EXPANDED_ACPI_HIDSTR (dp)[0] == '\0') - grub_printf ("%x,", (unsigned) eacpi.hid); + grub_printf ("%x,", (unsigned) eacpi->hid); else grub_printf ("%s,", GRUB_EFI_EXPANDED_ACPI_HIDSTR (dp)); if (GRUB_EFI_EXPANDED_ACPI_UIDSTR (dp)[0] == '\0') - grub_printf ("%x,", (unsigned) eacpi.uid); + grub_printf ("%x,", (unsigned) eacpi->uid); else grub_printf ("%s,", GRUB_EFI_EXPANDED_ACPI_UIDSTR (dp)); if (GRUB_EFI_EXPANDED_ACPI_CIDSTR (dp)[0] == '\0') - grub_printf ("%x)", (unsigned) eacpi.cid); + grub_printf ("%x)", (unsigned) eacpi->cid); else grub_printf ("%s)", GRUB_EFI_EXPANDED_ACPI_CIDSTR (dp)); } 
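Review bot: In the expanded-ACPI case of the -494 hunk, the three `%s` arguments `GRUB_EFI_EXPANDED_ACPI_HIDSTR (dp)`, `GRUB_EFI_EXPANDED_ACPI_UIDSTR (dp)` and `GRUB_EFI_EXPANDED_ACPI_CIDSTR (dp)` are printed with no bound. A node whose strings are not NUL-terminated inside the node would be read beyond it. The macro definitions are not visible here, but they appear to locate each string by walking the previous one, so a missing terminator would also shift the later lookups. Before printing, the case should confirm that each string terminates before `(char *) dp + len`. If that is deliberately left to the firmware, record it in a comment such as `/* HIDSTR/UIDSTR/CIDSTR are trusted to be NUL-terminated within the node. */`.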
@@ -534,147 +534,148 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) { case GRUB_EFI_ATAPI_DEVICE_PATH_SUBTYPE: { - grub_efi_atapi_device_path_t atapi; - grub_memcpy (&atapi, dp, len); + grub_efi_atapi_device_path_t *atapi + = (grub_efi_atapi_device_path_t *) dp; grub_printf ("/ATAPI(%x,%x,%x)", - (unsigned) atapi.primary_secondary, - (unsigned) atapi.slave_master, - (unsigned) atapi.lun); + (unsigned) atapi->primary_secondary, + (unsigned) atapi->slave_master, + (unsigned) atapi->lun); } break; case GRUB_EFI_SCSI_DEVICE_PATH_SUBTYPE: { - grub_efi_scsi_device_path_t scsi; - grub_memcpy (&scsi, dp, len); + grub_efi_scsi_device_path_t *scsi + = (grub_efi_scsi_device_path_t *) dp; grub_printf ("/SCSI(%x,%x)", - (unsigned) scsi.pun, - (unsigned) scsi.lun); + (unsigned) scsi->pun, + (unsigned) scsi->lun); } break; case GRUB_EFI_FIBRE_CHANNEL_DEVICE_PATH_SUBTYPE: { - grub_efi_fibre_channel_device_path_t fc; - grub_memcpy (&fc, dp, len); + grub_efi_fibre_channel_device_path_t *fc + = (grub_efi_fibre_channel_device_path_t *) dp; grub_printf ("/FibreChannel(%llx,%llx)", - (unsigned long long) fc.wwn, - (unsigned long long) fc.lun); + (unsigned long long) fc->wwn, + (unsigned long long) fc->lun); } break; case GRUB_EFI_1394_DEVICE_PATH_SUBTYPE: { - grub_efi_1394_device_path_t firewire; - grub_memcpy (&firewire, dp, len); - grub_printf ("/1394(%llx)", (unsigned long long) firewire.guid); + grub_efi_1394_device_path_t *firewire + = (grub_efi_1394_device_path_t *) dp; + grub_printf ("/1394(%llx)", + (unsigned long long) firewire->guid); } break; case GRUB_EFI_USB_DEVICE_PATH_SUBTYPE: { - grub_efi_usb_device_path_t usb; - grub_memcpy (&usb, dp, len); + grub_efi_usb_device_path_t *usb + = (grub_efi_usb_device_path_t *) dp; grub_printf ("/USB(%x,%x)", - (unsigned) usb.parent_port_number, - (unsigned) usb.usb_interface); + (unsigned) usb->parent_port_number, + (unsigned) usb->usb_interface); } break; case GRUB_EFI_USB_CLASS_DEVICE_PATH_SUBTYPE: { - 
grub_efi_usb_class_device_path_t usb_class; - grub_memcpy (&usb_class, dp, len); + grub_efi_usb_class_device_path_t *usb_class + = (grub_efi_usb_class_device_path_t *) dp; grub_printf ("/USBClass(%x,%x,%x,%x,%x)", - (unsigned) usb_class.vendor_id, - (unsigned) usb_class.product_id, - (unsigned) usb_class.device_class, - (unsigned) usb_class.device_subclass, - (unsigned) usb_class.device_protocol); + (unsigned) usb_class->vendor_id, + (unsigned) usb_class->product_id, + (unsigned) usb_class->device_class, + (unsigned) usb_class->device_subclass, + (unsigned) usb_class->device_protocol); } break; case GRUB_EFI_I2O_DEVICE_PATH_SUBTYPE: { - grub_efi_i2o_device_path_t i2o; - grub_memcpy (&i2o, dp, len); - grub_printf ("/I2O(%x)", (unsigned) i2o.tid); + grub_efi_i2o_device_path_t *i2o + = (grub_efi_i2o_device_path_t *) dp; + grub_printf ("/I2O(%x)", (unsigned) i2o->tid); } break; case GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE: { - grub_efi_mac_address_device_path_t mac; - grub_memcpy (&mac, dp, len); + grub_efi_mac_address_device_path_t *mac + = (grub_efi_mac_address_device_path_t *) dp; grub_printf ("/MacAddr(%02x:%02x:%02x:%02x:%02x:%02x,%x)", - (unsigned) mac.mac_address[0], - (unsigned) mac.mac_address[1], - (unsigned) mac.mac_address[2], - (unsigned) mac.mac_address[3], - (unsigned) mac.mac_address[4], - (unsigned) mac.mac_address[5], - (unsigned) mac.if_type); + (unsigned) mac->mac_address[0], + (unsigned) mac->mac_address[1], + (unsigned) mac->mac_address[2], + (unsigned) mac->mac_address[3], + (unsigned) mac->mac_address[4], + (unsigned) mac->mac_address[5], + (unsigned) mac->if_type); } break; case GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE: { - grub_efi_ipv4_device_path_t ipv4; - grub_memcpy (&ipv4, dp, len); + grub_efi_ipv4_device_path_t *ipv4 + = (grub_efi_ipv4_device_path_t *) dp; grub_printf ("/IPv4(%u.%u.%u.%u,%u.%u.%u.%u,%u,%u,%x,%x)", - (unsigned) ipv4.local_ip_address[0], - (unsigned) ipv4.local_ip_address[1], - (unsigned) ipv4.local_ip_address[2], - (unsigned) 
ipv4.local_ip_address[3], - (unsigned) ipv4.remote_ip_address[0], - (unsigned) ipv4.remote_ip_address[1], - (unsigned) ipv4.remote_ip_address[2], - (unsigned) ipv4.remote_ip_address[3], - (unsigned) ipv4.local_port, - (unsigned) ipv4.remote_port, - (unsigned) ipv4.protocol, - (unsigned) ipv4.static_ip_address); + (unsigned) ipv4->local_ip_address[0], + (unsigned) ipv4->local_ip_address[1], + (unsigned) ipv4->local_ip_address[2], + (unsigned) ipv4->local_ip_address[3], + (unsigned) ipv4->remote_ip_address[0], + (unsigned) ipv4->remote_ip_address[1], + (unsigned) ipv4->remote_ip_address[2], + (unsigned) ipv4->remote_ip_address[3], + (unsigned) ipv4->local_port, + (unsigned) ipv4->remote_port, + (unsigned) ipv4->protocol, + (unsigned) ipv4->static_ip_address); } break; case GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE: { - grub_efi_ipv6_device_path_t ipv6; - grub_memcpy (&ipv6, dp, len); + grub_efi_ipv6_device_path_t *ipv6 + = (grub_efi_ipv6_device_path_t *) dp; grub_printf ("/IPv6(%x:%x:%x:%x:%x:%x:%x:%x,%x:%x:%x:%x:%x:%x:%x:%x,%u,%u,%x,%x)", - (unsigned) ipv6.local_ip_address[0], - (unsigned) ipv6.local_ip_address[1], - (unsigned) ipv6.local_ip_address[2], - (unsigned) ipv6.local_ip_address[3], - (unsigned) ipv6.local_ip_address[4], - (unsigned) ipv6.local_ip_address[5], - (unsigned) ipv6.local_ip_address[6], - (unsigned) ipv6.local_ip_address[7], - (unsigned) ipv6.remote_ip_address[0], - (unsigned) ipv6.remote_ip_address[1], - (unsigned) ipv6.remote_ip_address[2], - (unsigned) ipv6.remote_ip_address[3], - (unsigned) ipv6.remote_ip_address[4], - (unsigned) ipv6.remote_ip_address[5], - (unsigned) ipv6.remote_ip_address[6], - (unsigned) ipv6.remote_ip_address[7], - (unsigned) ipv6.local_port, - (unsigned) ipv6.remote_port, - (unsigned) ipv6.protocol, - (unsigned) ipv6.static_ip_address); + (unsigned) ipv6->local_ip_address[0], + (unsigned) ipv6->local_ip_address[1], + (unsigned) ipv6->local_ip_address[2], + (unsigned) ipv6->local_ip_address[3], + (unsigned) 
ipv6->local_ip_address[4], + (unsigned) ipv6->local_ip_address[5], + (unsigned) ipv6->local_ip_address[6], + (unsigned) ipv6->local_ip_address[7], + (unsigned) ipv6->remote_ip_address[0], + (unsigned) ipv6->remote_ip_address[1], + (unsigned) ipv6->remote_ip_address[2], + (unsigned) ipv6->remote_ip_address[3], + (unsigned) ipv6->remote_ip_address[4], + (unsigned) ipv6->remote_ip_address[5], + (unsigned) ipv6->remote_ip_address[6], + (unsigned) ipv6->remote_ip_address[7], + (unsigned) ipv6->local_port, + (unsigned) ipv6->remote_port, + (unsigned) ipv6->protocol, + (unsigned) ipv6->static_ip_address); } break; case GRUB_EFI_INFINIBAND_DEVICE_PATH_SUBTYPE: { - grub_efi_infiniband_device_path_t ib; - grub_memcpy (&ib, dp, len); + grub_efi_infiniband_device_path_t *ib + = (grub_efi_infiniband_device_path_t *) dp; grub_printf ("/InfiniBand(%x,%llx,%llx,%llx)", - (unsigned) ib.port_gid[0], /* XXX */ - (unsigned long long) ib.remote_id, - (unsigned long long) ib.target_port_id, - (unsigned long long) ib.device_id); + (unsigned) ib->port_gid[0], /* XXX */ + (unsigned long long) ib->remote_id, + (unsigned long long) ib->target_port_id, + (unsigned long long) ib->device_id); } break; case GRUB_EFI_UART_DEVICE_PATH_SUBTYPE: { - grub_efi_uart_device_path_t uart; - grub_memcpy (&uart, dp, len); + grub_efi_uart_device_path_t *uart + = (grub_efi_uart_device_path_t *) dp; grub_printf ("/UART(%llu,%u,%x,%x)", - (unsigned long long) uart.baud_rate, - uart.data_bits, - uart.parity, - uart.stop_bits); + (unsigned long long) uart->baud_rate, + uart->data_bits, + uart->parity, + uart->stop_bits); } break; case GRUB_EFI_SATA_DEVICE_PATH_SUBTYPE: 
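Review bot: The 64-bit reads in this hunk (`fc->wwn`, `fc->lun`, `firewire->guid`, `ib->remote_id`, `uart->baud_rate`) now go straight through a pointer cast from `dp`, where the removed code first copied the node into a naturally aligned local. On strict-alignment targets that is only safe if the `grub_efi_*_device_path_t` types are declared packed, which this diff does not show. If they are packed, a comment above the first cast would record the dependency: `/* Nodes are read in place; the *_device_path_t types must remain packed. */`. The same consideration covers `mmapped->start_address` in the -447 hunk and `cd->partition_start` in the -722 hunk.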
@@ -722,12 +723,12 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) break; case GRUB_EFI_CDROM_DEVICE_PATH_SUBTYPE: { - grub_efi_cdrom_device_path_t cd; - grub_memcpy (&cd, dp, len); + grub_efi_cdrom_device_path_t *cd + = (grub_efi_cdrom_device_path_t *) dp; grub_printf ("/CD(%u,%llx,%llx)", - cd.boot_entry, - (unsigned long long) cd.partition_start, - (unsigned long long) cd.partition_size); + cd->boot_entry, + (unsigned long long) cd->partition_start, + (unsigned long long) cd->partition_size); } break; case GRUB_EFI_VENDOR_MEDIA_DEVICE_PATH_SUBTYPE: @@ -752,20 +753,20 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) break; case GRUB_EFI_PROTOCOL_DEVICE_PATH_SUBTYPE: { - grub_efi_protocol_device_path_t proto; - grub_memcpy (&proto, dp, sizeof (proto)); + grub_efi_protocol_device_path_t *proto + = (grub_efi_protocol_device_path_t *) dp; grub_printf ("/Protocol(%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x)", - (unsigned) proto.guid.data1, - (unsigned) proto.guid.data2, - (unsigned) proto.guid.data3, - (unsigned) proto.guid.data4[0], - (unsigned) proto.guid.data4[1], - (unsigned) proto.guid.data4[2], - (unsigned) proto.guid.data4[3], - (unsigned) proto.guid.data4[4], - (unsigned) proto.guid.data4[5], - (unsigned) proto.guid.data4[6], - (unsigned) proto.guid.data4[7]); + (unsigned) proto->guid.data1, + (unsigned) proto->guid.data2, + (unsigned) proto->guid.data3, + (unsigned) proto->guid.data4[0], + (unsigned) proto->guid.data4[1], + (unsigned) proto->guid.data4[2], + (unsigned) proto->guid.data4[3], + (unsigned) proto->guid.data4[4], + (unsigned) proto->guid.data4[5], + (unsigned) proto->guid.data4[6], + (unsigned) proto->guid.data4[7]); } break; default: 
@@ -779,11 +780,11 @@ grub_efi_print_device_path (grub_efi_device_path_t *dp) { case GRUB_EFI_BIOS_DEVICE_PATH_SUBTYPE: { - grub_efi_bios_device_path_t bios; - grub_memcpy (&bios, dp, sizeof (bios)); + grub_efi_bios_device_path_t *bios + = (grub_efi_bios_device_path_t *) dp; grub_printf ("/BIOS(%x,%x,%s)", - (unsigned) bios.device_type, - (unsigned) bios.status_flags, + (unsigned) bios->device_type, + (unsigned) bios->status_flags, (char *) (dp + 1)); } break;
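Review bot: The `%s` argument in the BIOS case is still `(char *) (dp + 1)`, which is the address just past the generic header. If `grub_efi_bios_device_path_t` begins with that header, that address holds `device_type` and `status_flags`, not the description string. Now that `bios` is a pointer, `(char *) (bios + 1)` would address the bytes after the fixed fields, assuming the description follows them directly. The string is also printed without checking that it is NUL-terminated within the node's length. The enclosing switch continues outside the hunk.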