Bug 207070

Summary: gptboot not zeroing memory while reading from boot.config
Product: Base System
Reporter: david
Component: kern
Assignee: Steven Hartland <smh>
Status: Closed FIXED
Severity: Affects Some People
CC: amd64, david, sbruno, smh
Priority: ---
Keywords: patch
Version: 10.2-STABLE
Hardware: amd64
OS: Any
Attachments:
  Description: The patch
  Flags: none

Description david 2016-02-10 02:53:50 UTC
This should affect both i386 and amd64, but I can only pick one.

gptboot does not zero the read buffer around line 162; the result is a nondeterministic, apparently hardware/BIOS-specific condition where parsing fails on the unterminated boot.config file.

Patch is:

--- /usr/src/sys/boot/i386/gptboot/gptboot.c    2015-08-12 10:22:09.000000000 -0400
+++ gptboot.c   2016-02-05 21:09:12.000000000 -0500
@@ -159,9 +159,9 @@
                return (-1);
 
        autoboot = 1;
-       *cmd = '\0';
 
        for (;;) {
+               bzero(cmd, sizeof(cmd));
                *kname = '\0';
                if ((ino = lookup(PATH_CONFIG)) ||
                    (ino = lookup(PATH_DOTCONFIG)))
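
Review bot: zeroing `cmd` with `bzero(cmd, sizeof(cmd))` at the top of the `for (;;)` loop only leaves a terminator behind the data if the later boot.config read stops at `sizeof(cmd) - 1` bytes, and that read is not visible in this hunk. A file that fills the buffer would still be unterminated, so consider capping the read length and writing the `'\0'` explicitly after it instead of relying on the pre-clear. Also confirm that `cmd` is an array in this scope, since `sizeof(cmd)` on a pointer would clear only pointer-size bytes, and add a comment saying why the clear now runs on every loop iteration instead of once before the loop.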


Pretty straightforward: eliminate the single null termination and replace it with a bzero of the entire buffer. The single-byte termination handled the case where there was no boot.config file, but not the case where there was something read in.
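
The failure mode described in this report, as an added example that is not part of the original bug report or of FreeBSD's code. `CMD_SIZE`, `fake_read`, the `load_*` helpers and the sample `-Dh` config line are constructed for illustration, and the read is assumed to be bounded by the buffer size and to add no terminator of its own.

```c
#include <stdio.h>
#include <string.h>

#define CMD_SIZE 16  /* constructed size, not gptboot's real buffer size */

/* Stand-in for the loader's file read: copies at most n bytes, adds no NUL. */
static size_t fake_read(const char *file, size_t len, char *buf, size_t n) {
    size_t got = len < n ? len : n;
    memcpy(buf, file, got);
    return got;
}

/* Length a string parser would see, bounded so the demo never overreads. */
static size_t seen_len(const char *buf) {
    const char *nul = memchr(buf, '\0', CMD_SIZE);
    return nul ? (size_t)(nul - buf) : CMD_SIZE;
}

/* Before the patch: only byte 0 is cleared, and the read then overwrites it. */
static size_t load_first_byte_only(char *cmd, const char *f, size_t len) {
    *cmd = '\0';
    fake_read(f, len, cmd, CMD_SIZE);
    return seen_len(cmd);
}

/* The patch: zero the whole buffer first (memset stands in for bzero). */
static size_t load_bzero(char *cmd, const char *f, size_t len) {
    memset(cmd, 0, CMD_SIZE);
    fake_read(f, len, cmd, CMD_SIZE);
    return seen_len(cmd);
}

/* Alternative: cap the read at CMD_SIZE - 1 and terminate at the read length. */
static size_t load_terminated(char *cmd, const char *f, size_t len) {
    size_t got = fake_read(f, len, cmd, CMD_SIZE - 1);
    cmd[got] = '\0';
    return seen_len(cmd);
}

int main(void) {
    char cmd[CMD_SIZE];
    memset(cmd, 'X', sizeof(cmd));  /* constructed stale memory contents */
    printf("%zu ", load_first_byte_only(cmd, "-Dh\n", 4));
    memset(cmd, 'X', sizeof(cmd));
    printf("%zu ", load_bzero(cmd, "-Dh\n", 4));
    printf("%zu\n", load_terminated(cmd, "0123456789abcdef", 16));
    return 0;
}
```

With stale non-zero bytes in the buffer, the first-byte-only variant reports the full buffer as config text, while the pre-cleared variant is only safe as long as the file is shorter than the buffer.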
Comment 1 david 2016-02-10 02:54:59 UTC
Created attachment 166823
The patch

Patch
Comment 2 Steven Hartland freebsd_committer freebsd_triage 2016-02-20 03:13:08 UTC
This is a missing MFC of r272785
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-02-20 10:57:46 UTC
A commit references this bug:

Author: smh
Date: Sat Feb 20 10:56:46 UTC 2016
New revision: 295835
URL: https://svnweb.freebsd.org/changeset/base/295835

Log:
  MFC r272785:

  Null terminate boot config buffer

  PR:		207070
  Approved by:	re (gjb)
  Sponsored by:	Multiplay

Changes:
_U  stable/10/
  stable/10/sys/boot/i386/gptboot/gptboot.c