Fix buffer overflow in preloaded hostuuid cleaning
When a module of type "hostuuid" is provided by the loader, prison0_init strips any trailing whitespace and ASCII control characters by (a) adjusting the buffer length, and (b) zeroing out the characters in question, before storing it as the system's hostuuid. The buffer length adjustment was correct, but the zeroing overwrote one byte higher in memory than intended -- in the typical case, zeroing one byte past the end of the hostuuid buffer. Due to the layout of buffers passed by the boot loader to the kernel, this will be the first byte of a subsequent buffer. This was *probably* harmless; prison0_init runs after preloaded kernel modules have been linked and after the preloaded /boot/entropy cache has been processed, so in both cases having the first byte overwritten will not cause problems. We cannot however rule out the possibility that other objects which are preloaded by the loader could suffer from having the first byte overwritten. Since the zeroing does not in fact serve any purpose, remove it and trim trailing whitespace and ASCII control characters by adjusting the buffer length alone. Fixes: c3188289 Preload hostuuid for early-boot use Reviewed by: kevans, markj MFC after: 3 days
This commit is contained in:
Colin Percival
parent
330f110bf1
commit
b6be9566d2
@ -257,7 +257,7 @@ prison0_init(void)
|
||||
* non-printable characters to be safe.
|
||||
*/
|
||||
while (size > 0 && data[size - 1] <= 0x20) {
|
||||
data[size--] = '\0';
|
||||
size--;
|
||||
}
|
||||
if (validate_uuid(data, size, NULL, 0) == 0) {
|
||||
(void)strlcpy(prison0.pr_hostuuid, data,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user