Commit graph

24 commits

Author SHA1 Message Date
Peter Jones
a4d3fbdff1 yylex: Make lexer fatal errors actually be fatal
When presented with a command that can't be tokenized to anything
smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg),
expecting that will stop further processing, as such:

  #define YY_DO_BEFORE_ACTION \
        yyg->yytext_ptr = yy_bp; \
        yyleng = (int) (yy_cp - yy_bp); \
        yyg->yy_hold_char = *yy_cp; \
        *yy_cp = '\0'; \
        if ( yyleng >= YYLMAX ) \
                YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \
        yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \
        yyg->yy_c_buf_p = yy_cp;

The code flex generates expects that YY_FATAL_ERROR() will either return
for it or do some form of longjmp(), or handle the error in some way at
least, and so the strncpy() call isn't in an "else" clause, and thus if
YY_FATAL_ERROR() is *not* actually fatal, it does the call with the
questionable limit, and predictable results ensue.

Unfortunately, our implementation of YY_FATAL_ERROR() is:

   #define YY_FATAL_ERROR(msg)                     \
     do {                                          \
       grub_printf (_("fatal error: %s\n"), _(msg));     \
     } while (0)

The same pattern exists in yyless(), and similar problems exist in users
of YY_INPUT(), several places in the main parsing loop,
yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack,
yy_scan_buffer(), etc.

All of these callers expect YY_FATAL_ERROR() to actually be fatal, and
the things they do if it returns after calling it are wildly unsafe.

Fixes: CVE-2020-10713

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-07-29 16:55:47 +02:00
Vladimir Serbinenko
c36c2a8640 yylex: Explicilty cast fprintf to void.
It's needed to avoid warning on recent GCC.
2017-08-14 14:11:43 +02:00
Vladimir Serbinenko
342d6edb97 yylex: use grub_fatal for exit.
lexer calls yylex_fatal on fatal internal errors. yylex_fatal itself is
declared as noreturn and calls exit. Returning from noreturn function has
unpredictable consequences.
2016-02-12 12:34:54 +01:00
Vladimir Serbinenko
080603f0b0 Decrease stack usage in lexer.
We have only 92K of stack and using over 4K per frame is wasteful

	* grub-core/script/yylex.l (yyalloc), (yyfree), (yyrealloc): Declare
	as macros so that compiler would remove useless structure on stack.
	Better solution would be to fix flex not to put this structure on
	the stack but flex is external program.
2013-11-16 16:37:59 +01:00
Vladimir Serbinenko
ec0ebb3fc2 Remove vestiges of -Wunsafe-loop-optimisations.
* conf/Makefile.common (CFLAGS_GNULIB): Remove
	-Wno-unsafe-loop-optimisations.
	* grub-core/commands/legacycfg.c: Remove -Wunsafe-loop-optimisations
	pragma.
	* grub-core/io/gzio.c: Likewise.
	* grub-core/script/parser.y: Likewise.
	* grub-core/script/yylex.l: Likewise.
	* util/grub-mkfont.c: Likewise.
2013-11-07 02:25:31 +01:00
Vladimir 'phcoder' Serbinenko
9688cae2eb * grub-core/script/yylex.l: Fix LSQBR2 and RSQBR2. It's not
currently used so this doesn't really have any effect.
	Reported by:  	Douglas Ray <dougray>
2013-10-17 01:28:24 +02:00
Vladimir 'phcoder' Serbinenko
9cc836a27b * grub-core/script/yylex.l: Ignore unused-function and sign-compare
warnings.
2012-09-05 08:51:31 +02:00
Vladimir 'phcoder' Serbinenko
5e619f408d Fix wildcard escaping.
* grub-core/commands/wildcard.c (wildcard_escape): Moved from here ...
	* grub-core/script/execute.c (wildcard_escape): .. to here.
	Don't escape dot.
	* grub-core/commands/wildcard.c (wildcard_unescape): Moved from here ...
	* grub-core/script/execute.c (wildcard_unescape): .. to here.
	Don't escape dot.
	* grub-core/script/execute.c (gettext_append): Always escape.
	(grub_script_arglist_to_argv): Always handle escaping/unescaping.
	* grub-core/script/yylex.l: Don't cut away the escaping.
	* tests/grub_script_echo1.in: Add tests with wildcard.
2012-06-08 22:54:21 +02:00
Vladimir 'phcoder' Serbinenko
eea1e26e52 * grub-core/script/yylex.l: Ugly fix for "\\\n ".
* tests/grub_script_echo1.in: Add tests.
2012-05-08 23:20:02 +02:00
Vladimir 'phcoder' Serbinenko
546fbe9b5a Add variable parsing in $"..." and fix several mismatches with bash.
* Makefile.util.def (grub_script_gettext): New test.
	* grub-core/script/execute.c (parse_string): New function.
	(gettext_append): Likewise.
	(grub_script_arglist_to_argv): Use gettext_append.
	* grub-core/script/yylex.l: Fix slash and newline handling in $"...".
	* tests/grub_script_gettext.in: New file.
2012-03-11 14:46:48 +01:00
Vladimir 'phcoder' Serbinenko
7e8fac16ad $"..." support in scripts.
* grub-core/script/execute.c (grub_script_arglist_to_argv): Handle
	GRUB_SCRIPT_ARG_TYPE_GETTEXT.
	* grub-core/script/yylex.l: Likewise.
	* include/grub/script_sh.h (GRUB_SCRIPT_ARG_TYPE_GETTEXT): New enum
	value.
2012-02-26 19:02:46 +01:00
Vladimir 'phcoder' Serbinenko
4e27343fb0 * conf/Makefile.common (CFLAGS_GNULIB): Add
-Wno-unsafe-loop-optimizations.
	* configure.ac: Remove -Wmissing-declarations and -Wmissing-prototypes
	on tools.
	* grub-core/commands/legacycfg.c: Add pragma to skip
	-Wunsafe-loop-optimizations.
	(check_password_md5_real): Fix loop counter type.
	* grub-core/commands/testload.c (grub_cmd_testload): Fix over the EOF
	reading.
	* grub-core/disk/ldm.c (grub_util_get_ldm): Fix logic error.
	* grub-core/fs/zfs/zfs_sha256.c (zio_checksum_SHA256): Add safety
	loop condition.
	* grub-core/io/gzio.c: Add pragma to skip -Wunsafe-loop-optimizations.
	* grub-core/lib/LzmaEnc.c (GetOptimum): Avoid possible infinite loop.
	* grub-core/net/net.c (grub_net_route_address): Add safety loop
	condition.
	* grub-core/normal/charset.c (bidi_line_wrap): Likewise.
	* grub-core/normal/cmdline.c (grub_set_history): Fix loop types and
	avoid possible infinite loops.
	* grub-core/script/parser.y: Add pragma to skip -Wmissing-declarations
	and -Wunsafe-loop-optimizations.
	* grub-core/script/yylex.l: Likewise.
	* util/grub-mkfont.c: Add pragma to skip -Wunsafe-loop-optimizations.
	(print_glyphs): Avoid infinite loops.
	* util/grub-mkimage.c (compress_kernel_xz): Fix format security.
2012-02-24 12:30:32 +01:00
Vladimir 'phcoder' Serbinenko
4a9f8346c9 * grub-core/commands/ls.c: Gettextize.
* grub-core/commands/setpci.c: Likewise.
        * grub-core/commands/videotest.c: Likewise.
        * grub-core/disk/geli.c: Likewise.
        * grub-core/kern/mm.c: Likewise.
        * grub-core/lib/relocator.c: Likewise.
        * grub-core/loader/efi/appleloader.c: Likewise.
        * grub-core/loader/i386/xnu.c: Likewise.
        * grub-core/loader/ia64/efi/linux.c: Likewise.
        * grub-core/loader/xnu.c: Likewise.
        * grub-core/net/dns.c: Likewise.
        * grub-core/net/net.c: Likewise.
        * grub-core/script/lexer.c: Likewise.
        * grub-core/script/parser.y: Likewise.
        * grub-core/script/yylex.l: Likewise.
        * util/getroot.c: Likewise.
        * util/grub-setup.c: Likewise.
2012-02-03 11:56:49 +01:00
Vladimir 'phcoder' Serbinenko
9c2710789f Eliminate grub_min/grub_max prone to overflow usage.
* grub-core/bus/usb/usbhub.c (grub_usb_add_hub): Eliminate grub_min.
	(poll_nonroot_hub): Likewise.
	* grub-core/fs/affs.c (grub_affs_iterate_dir): Likewise.
	(grub_affs_label): Likewise.
	* grub-core/fs/btrfs.c (grub_btrfs_lzo_decompress): Likewise.
	* grub-core/fs/hfs.c (grub_hfs_dir): Likewise.
	(grub_hfs_label): Likewise.
	* grub-core/fs/hfsplus.c (grub_hfsplus_cmp_catkey): Likewise.
	* grub-core/fs/zfs/zfs.c (MIN): Remove.
	(zap_leaf_array_equal): Use grub_size. Remove MIN.
	(zap_leaf_array_get): Likewise.
	(dnode_get_path): Likewise.
	* grub-core/io/lzopio.c (grub_lzopio_read): Eliminate grub_min.
	* grub-core/io/xzio.c (grub_xzio_read): Likewise.
	* grub-core/script/execute.c (grub_script_break): Likewise.
	* grub-core/script/lexer.c (grub_script_lexer_record): Eliminate
	grub_max.
	* grub-core/script/yylex.l (grub_lexer_yyrealloc): Likewise.
	* include/grub/misc.h (grub_min): Removed.
	(grub_max): Likewise.
2012-01-14 15:44:34 +01:00
Vladimir 'phcoder' Serbinenko
124df5f6ca Fine grainely disable warnings on lexer. Remove Wno-error on it.
* grub-core/Makefile.core.def (normal): Remove -Wno-error.
	* grub-core/script/lexer.c: Declare yytext_ptr to avoid having
	yylex_strncpy.
	* grub-core/script/yylex.l: Add fine-grained #pragma.
2011-10-23 23:32:06 +02:00
Vladimir 'phcoder' Serbinenko
5ff1d945ed Implement time command.
* grub-core/Makefile.core.def (time): New module.
	* grub-core/commands/time.c: New file.
	* grub-core/script/parser.y: Remove "time" keyword.
	* grub-core/script/yylex.l: Likewise.
2011-06-27 12:31:37 +02:00
Szymon Janc
cbf597afb1 * grub-core/commands/cmp.c (grub_cmd_cmp): Remove unnecessary NULL
pointer checks before calling grub_free().
	* grub-core/commands/wildcard.c (match_devices): Likewise.
	* grub-core/commands/wildcard.c (match_files): Likewise.
	* grub-core/fs/cpio.c (grub_cpio_dir): Likewise.
	* grub-core/fs/cpio.c (grub_cpio_open): Likewise.
	* grub-core/fs/udf.c (grub_udf_read_block): Likewise.
	* grub-core/fs/xfs.c (grub_xfs_read_block): Likewise.
	* grub-core/loader/efi/chainloader.c (grub_cmd_chainloader): Likewise.
	* grub-core/normal/cmdline.c (grub_cmdline_get): Likewise.
	* grub-core/script/yylex.l (grub_lexer_unput): Likewise.
	* grub-core/video/readers/jpeg.c (grub_video_reader_jpeg): Likewise.
	* grub-core/video/readers/png.c (grub_png_output_byte): Likewise.
2011-06-26 17:17:41 +02:00
Yves Blusseau
1d12cf2947 * grub-core/lib/LzFind.c: Add missing include.
* grub-core/lib/LzmaEnc.c: Likewise.
    * grub-core/script/lexer.c: Likewise.
    * grub-core/script/yylex.l: Likewise.
    * util/grub-macho2img.c: Likewise.
    * util/grub-menulst2cfg.c: Likewise.
    * util/grub-mklayout.c: Likewise.
    * util/grub-mkpasswd-pbkdf2.c
    * util/grub-mkrelpath.c: Likewise.
    * util/resolve.c: Likewise.
2010-09-24 09:19:57 +02:00
BVK Chaitanya
1bce65c7b1 not command (!) support 2010-09-05 14:57:28 +05:30
BVK Chaitanya
312e3e3668 merge with mainline 2010-09-04 11:28:45 +05:30
BVK Chaitanya
b899201c69 merge with mainline 2010-08-26 11:45:29 +05:30
BVK Chaitanya
47b4c2c3e8 pull-in block-arg branch 2010-08-26 11:32:35 +05:30
BVK Chaitanya
16c7cb32c8 merge with mainline 2010-08-19 16:54:00 +05:30
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30
Renamed from script/yylex.l (Browse further)