CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Colin Percival <cperciva@FreeBSD.org>
	Fri, 14 May 2021 18:07:37 +0000 (11:07 -0700)
committer	Colin Percival <cperciva@FreeBSD.org>
	Tue, 18 May 2021 03:07:49 +0000 (20:07 -0700)
commit	b6be9566d236f83ad1a44170a64b9a34e382eafa
tree	2b56d0fe661ca98df171c668b93f397542a99ac0	tree \| snapshot
parent	330f110bf1e420dc8d8ddadc4030e0ae1f1c52bd	commit \| diff

Fix buffer overflow in preloaded hostuuid cleaning

When a module of type "hostuuid" is provided by the loader,
prison0_init strips any trailing whitespace and ASCII control
characters by (a) adjusting the buffer length, and (b) zeroing out
the characters in question, before storing it as the system's
hostuuid.

The buffer length adjustment was correct, but the zeroing overwrote
one byte higher in memory than intended -- in the typical case,
zeroing one byte past the end of the hostuuid buffer. Due to the
layout of buffers passed by the boot loader to the kernel, this will
be the first byte of a subsequent buffer.

This was *probably* harmless; prison0_init runs after preloaded kernel
modules have been linked and after the preloaded /boot/entropy cache
has been processed, so in both cases having the first byte overwritten
will not cause problems. We cannot however rule out the possibility
that other objects which are preloaded by the loader could suffer from
having the first byte overwritten.

Since the zeroing does not in fact serve any purpose, remove it and
trim trailing whitespace and ASCII control characters by adjusting
the buffer length alone.

Fixes: c3188289 Preload hostuuid for early-boot use
Reviewed by: kevans, markj
MFC after: 3 days