From patchwork Wed Jul 27 12:12:01 2022
X-Patchwork-Submitter: Andrew Jones
X-Patchwork-Id: 1661217
From: Andrew Jones
To: opensbi@lists.infradead.org
Cc: Anup Patel, wxjstz@126.com
Subject: [PATCH v2] lib: sbi: Fix sbi_snprintf
Date: Wed, 27 Jul 2022 14:12:01 +0200
Message-Id: <20220727121201.11508-1-ajones@ventanamicro.com>

printc would happily write to
'out' even when 'out_len' was zero, potentially overflowing buffers. Rework printc to not do that and also ensure the null byte is written at the last position when necessary, as stated in the snprintf man page. Also, panic if sprintf or snprintf are called with NULL output strings (except the special case of snprintf having a NULL output string and a zero output size, allowing it to be used to get the number of characters that would have been written). Finally, rename a goto label which clashed with 'out'. Fixes: 9e8ff05cb61f ("Initial commit.") Signed-off-by: Andrew Jones --- v2: - Simply forbid *out == NULL by panicing when it's detected. (The error message for snprintf has been split over two lines to avoid going over 80 chars. I'd prefer error messages not be split, but that seems like the general practice for opensbi.) - Drop some branches, particularly the extra 'if (out)' in print(), by always writing a '\0' on each printc [Xiang W] lib/sbi/sbi_console.c | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/lib/sbi/sbi_console.c b/lib/sbi/sbi_console.c index 34c843d3f9e3..e300d710b5c8 100644 --- a/lib/sbi/sbi_console.c +++ b/lib/sbi/sbi_console.c @@ -76,20 +76,18 @@ typedef __builtin_va_list va_list; static void printc(char **out, u32 *out_len, char ch) { - if (out) { - if (*out) { - if (out_len && (0 < *out_len)) { - **out = ch; - ++(*out); - (*out_len)--; - } else { - **out = ch; - ++(*out); - } - } - } else { + if (!out) { sbi_putc(ch); + return; } + + if (!out_len || *out_len > 1) { + *(*out)++ = ch; + **out = '\0'; + } + + if (out_len && *out_len > 0) + --(*out_len); } static int prints(char **out, u32 *out_len, const char *string, int width, @@ -193,7 +191,7 @@ static int print(char **out, u32 *out_len, const char *format, va_list args) if (*format == '\0') break; if (*format == '%') - goto out; + goto literal; /* Get flags */ if (*format == '-') { ++format; 
@@ -332,13 +330,11 @@ static int print(char **out, u32 *out_len, const char *format, va_list args) continue; } } else { - out: +literal: printc(out, out_len, *format); ++pc; } } - if (out) - **out = '\0'; return pc; } @@ -348,6 +344,9 @@ int sbi_sprintf(char *out, const char *format, ...) va_list args; int retval; + if (unlikely(!out)) + sbi_panic("sbi_sprintf called with NULL output string\n"); + va_start(args, format); retval = print(&out, NULL, format, args); va_end(args); @@ -360,6 +359,10 @@ int sbi_snprintf(char *out, u32 out_sz, const char *format, ...) va_list args; int retval; + if (unlikely(!out && out_sz != 0)) + sbi_panic("sbi_snprintf called with NULL output string and " + "output size is not zero\n"); + va_start(args, format); retval = print(&out, &out_sz, format, args); va_end(args);
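
Review bot: In the printc hunk (@@ -76), a buffer of size 1 never receives a terminator. The store is guarded by '*out_len > 1', so with *out_len == 1 nothing is written and the count only drops to 0, leaving out[0] as the caller passed it. The snprintf behaviour the commit message cites puts the null byte at the last position, which for size 1 is out[0]. Suggest handling '*out_len == 1' by storing '\0' at **out without advancing the pointer.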
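
Review bot: In the print() hunk (@@ -332), dropping the final 'if (out) **out = '\0';' leaves the output unterminated whenever no character is stored, because the terminator is now written only as a side effect of a printc store. A format that emits nothing (the visible 'if (*format == '\0') break;' path, for instance) returns with the caller's buffer untouched, for both sbi_sprintf and sbi_snprintf with a non-zero size. Suggest writing out[0] = '\0' in the two entry points before calling print() when out is non-NULL and there is room, or keeping a guarded terminating store at the end of print().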
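
Review bot: In the sbi_snprintf hunk (@@ -360), the NULL-with-zero-size exception is safe only because printc never dereferences *out when *out_len is 0, and nothing in the code states that. The old 'if (*out)' test in printc is gone, so this check and the one in sbi_sprintf are now the only guards against a NULL write. Suggest a short comment above the '!out_len || *out_len > 1' test in printc saying that *out may be NULL only when out_len is non-NULL and its value is zero, so a later change to that condition does not reintroduce the write.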