Bug 27693

Summary: /boot/loader may hang on "load -t type file" when type is missing
Product: Base System
Reporter: Adrian Steinmann <ast>
Component: i386
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Unspecified
Hardware: Any
OS: Any

Description Adrian Steinmann 2001-05-27 20:40:02 UTC
In sys/boot/common/module.c, near line 105 a request for a raw
file is processed by passing its name in argv[1]:
        return(mod_loadobj(typestr, argv[1]));
however, it is not tested to see if argv[1] actually is defined.

At best, mod_loadobj() near line 244 returns an error like
"can't find 'garbage'" but if the "filename" entered is sufficiently
long, some buffer gets overrun. Of course, "load -t filename" is
actually a typo because we meant to type "load -t mfs_root filename";
nevertheless, a hung machine seems like too harsh a punishment for
such a small typo...

Fix: With the patch to module.c attached below, we diagnose the bogus argv[1]
as being a bad type:

FreeBSD/i386 bootstrap loader, Revision 0.8
(root@srv.marabu.ch, Sun May 27 20:57:11 MEST 2001)
Loading /boot/defaults/loader.conf 
/kernel text=0x18f9bb data=0x20c4c+0x2aecc syms=[0x4+0x26990+0x4+0x2bf24]

Hit [Enter] to boot immediately, or any other key for command prompt.


Type '?' for a list of commands, 'help' for more detailed help.
ok unload
ok ls
/
 d  root
 d  home
 d  bin
 d  boot
 d  dev
 d  etc
 d  mnt
 d  sbin
 l  tmp
 d  usr
 d  var
    .cshrc
    .profile
    kernel.GENERIC
    kernel.config
    boot.config
    k.GENERIC.gz
    fs.GENERIC.gz
 d  pi
    kernel
    k.PIC.gz
    fs.PIC.gz
ok load k.PIC                                           
/k.PIC text=0xdd797 data=0x17294+0x16420 /
ok load -t fs.PIC
invalid load type
ok load -t mfs_root foo bar
invalid load type
ok load -t mfs_root fs.PIC
ok 




Adrian Steinmann
_________________________________________________________________________
Dr. Adrian Steinmann  Steinmann Consulting  Apollostrasse 21  8032 Zurich
   Tel +41 1 380 30 83     Fax +41 1 380 30 85    Mailto:ast@marabu.ch

Index: module.c
===================================================================
RCS file: /usr/cvs/src/sys/boot/common/module.c,v
retrieving revision 1.13.2.1
diff -u -r1.13.2.1 module.c
--- module.c    2000/12/28 13:12:35     1.13.2.1
+++ module.c    2001/05/27 18:56:21
@@ -98,7 +98,7 @@
      * Request to load a raw file?
      */
     if (dofile) {
-       if ((typestr == NULL) || (*typestr == 0)) {
+       if (argc != 2 || (typestr == NULL) || (*typestr == 0)) {
            command_errmsg = "invalid load type";
            return(CMD_ERROR);
        }
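Review bot: The added `argc != 2` test in the `if (dofile)` condition reuses the message "invalid load type" for a wrong argument count, so `load -t mfs_root foo bar` in the session above is reported as a bad type even though `load -t mfs_root fs.PIC` shows that `mfs_root` is accepted. Consider checking the count separately with its own `command_errmsg` (a usage-style message), so a missing or extra file name is not diagnosed as a type problem. A short comment would also help here: the session shows `load -t mfs_root fs.PIC` passing this test, so `argc` at this point cannot be the raw command-line count, and the literal 2 is not self-explanatory from the hunk alone. The check itself belongs ahead of the `mod_loadobj(typestr, argv[1])` call quoted in the description, since it is what prevents an undefined `argv[1]` from being passed on.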
How-To-Repeat: Here is a session which shows the problem:

FreeBSD/i386 bootstrap loader, Revision 0.8
(root@srv.marabu.ch, Wed May 23 12:39:29 GMT 2001)
Loading /boot/defaults/loader.conf 
/kernel text=0x18f9bb data=0x20c4c+0x2aecc syms=[0x4+0x26990+0x4+0x2bf24]

Hit [Enter] to boot immediately, or any other key for command prompt.


Type '?' for a list of commands, 'help' for more detailed help.
ok  unload
ok ls
/
 d  root
 d  home
 d  bin
 d  boot
 d  dev
 d  etc
 d  mnt
 d  sbin
 l  tmp
 d  usr
 d  var
    .cshrc
    .profile
    kernel.GENERIC
    kernel.config
    boot.config
    k.GENERIC.gz
    fs.GENERIC.gz
 d  pi
    kernel
    k.PIC.gz
    fs.PIC.gz
ok load k.PIC                                           
/k.PIC text=0xdd797 data=0x17294+0x16420 /
ok load -t fs.PIC
can't find 'øt 
À
 '
ok 
ok load -t fs.PIC...........
can't find 'ÄëÄëÄëÄë
... HUNG!
Comment 1 Jesper Skriver freebsd_committer freebsd_triage 2001-05-28 00:24:44 UTC
State Changed
From-To: open->closed

committed