Bug 207070 - gptboot not zeroing memory while reading from boot.config
Summary: gptboot not zeroing memory while reading from boot.config
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 10.2-STABLE
Hardware: amd64 Any
: --- Affects Some People
Assignee: Steven Hartland
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2016-02-10 02:53 UTC by david
Modified: 2016-04-06 22:49 UTC (History)
4 users (show)

See Also:


Attachments
The patch (439 bytes, patch)
2016-02-10 02:54 UTC, david
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description david 2016-02-10 02:53:50 UTC
This should effect both i386 and amd64.. but I can only pick one.

gptboot does not zero the read buffer around line 162, the result is a nondeterminstic, apparently hardware/bios specific condition where parsing fails on the unterminated boot.config file.

Patch is:

--- /usr/src/sys/boot/i386/gptboot/gptboot.c    2015-08-12 10:22:09.000000000 -0400
+++ gptboot.c   2016-02-05 21:09:12.000000000 -0500
@@ -159,9 +159,9 @@
                return (-1);
 
        autoboot = 1;
-       *cmd = '\0';
 
        for (;;) {
+               bzero(cmd, sizeof(cmd));
                *kname = '\0';
                if ((ino = lookup(PATH_CONFIG)) ||
                    (ino = lookup(PATH_DOTCONFIG)))


Pretty straighforwaed, eliminate the single null terminationa and replace with a bzero of the entire buffer.  single byte termination handled the case where here was no boot.config file, but not the case where there was something read it.
Comment 1 david 2016-02-10 02:54:59 UTC
Created attachment 166823 [details]
The patch

Patch
Comment 2 Steven Hartland freebsd_committer 2016-02-20 03:13:08 UTC
This is a missing MFC of r272785
Comment 3 commit-hook freebsd_committer 2016-02-20 10:57:46 UTC
A commit references this bug:

Author: smh
Date: Sat Feb 20 10:56:46 UTC 2016
New revision: 295835
URL: https://svnweb.freebsd.org/changeset/base/295835

Log:
  MFC r272785:

  Null terminate boot config buffer

  PR:		207070
  Approved by:	re (gjb)
  Sponsored by:	Multiplay

Changes:
_U  stable/10/
  stable/10/sys/boot/i386/gptboot/gptboot.c