From patchwork Mon Jun 12 08:11:02 2023
X-Patchwork-Submitter: Xiang W
X-Patchwork-Id: 1793795
From: Xiang W
To: opensbi@lists.infradead.org
Cc: Xiang W, anup@brainfault.org, jrtc27@jrtc27.com
Subject: [PATCH v6 11/12] lib: sbi: Fix timing of clearing tbuf
Date: Mon, 12 Jun 2023 16:11:02 +0800
Message-Id: <20230612081102.571456-1-wxjstz@126.com>
In-Reply-To: <20230612080959.571293-1-wxjstz@126.com>
References: <20230612080959.571293-1-wxjstz@126.com>

A single scan of the format char may add multiple characters to the tbuf, causing a buffer overflow. You should check if tbuf is full in printc so that it does not cause a buffer overflow. Signed-off-by: Xiang W --- lib/sbi/sbi_console.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/sbi/sbi_console.c b/lib/sbi/sbi_console.c index c227b0f..2eefee1 100644 --- a/lib/sbi/sbi_console.c +++ b/lib/sbi/sbi_console.c @@ -18,6 +18,8 @@ #define PAD_ZERO 2 #define PAD_ALTERNATE 4 #define PAD_SIGN 8 +#define USED_TBUF (1 << (8 * sizeof(int) - 1)) + #define PRINT_BUF_LEN 64 #define CONSOLE_TBUF_MAX 256 @@ -161,6 +163,11 @@ append: info->out[info->pos++] = ch; info->out[info->pos] = '\0'; info->pc++; + + if ((info->flags & USED_TBUF) && (info->len - info->pos <= 1)) { + nputs_all(info->out, info->pos); + info->pos = 0; + } } static void prints(struct print_info *info, const char *string) 
@@ -266,10 +273,9 @@ static void print(struct print_info *info, const char *format, va_list args) } for (; *format != 0; ++format) { - if (use_tbuf && (info->len - info->pos <= 1)) { - nputs_all(info->out, info->pos); - info->pos = 0; - } + info->flags = 0; + if (use_tbuf) + info->flags |= USED_TBUF; if (*format == '%') { ++format; if (*format == '\0') @@ -277,7 +283,6 @@ static void print(struct print_info *info, const char *format, va_list args) if (*format == '%') goto literal; /* Get flags */ - info->flags = 0; flags_done = false; while (!flags_done) { switch (*format) {
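Review bot: In the `@@ -18,6 +18,8 @@` hunk, USED_TBUF is built by shifting the signed literal 1 into the sign bit of int, which is undefined behaviour in C, and the resulting constant is then ORed into and tested against info->flags. Suggest an unsigned literal, `#define USED_TBUF (1U << (8 * sizeof(int) - 1))`, or simply the next free bit after PAD_SIGN (16). The define also sits directly under the PAD_* flags without being a padding flag, so a one-line comment saying that it marks the output buffer as the console tbuf would help the next reader.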
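Review bot: In the `@@ -161,6 +163,11 @@` hunk, the new flush at the end of printc only runs while info->flags still carries USED_TBUF, so the overflow protection now depends on a field that print() clears and rebuilds for every format character. Any later change that assigns info->flags without preserving that bit would silently switch the check off. A dedicated member in struct print_info, set once when tbuf is selected, would be more robust than a bit shared with the padding flags. A short comment on the invariant would also be useful here: the append writes both ch and the trailing '\0', and the `info->len - info->pos <= 1` test is what guarantees room for both on the next call.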
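Review bot: In the `@@ -266,10 +273,9 @@` and `@@ -277,7 +283,6 @@` hunks of print(), `info->flags = 0;` followed by the USED_TBUF OR now executes on every loop iteration, including plain literal characters, although use_tbuf does not change inside the loop. If the bit stays in info->flags, consider setting it once before the loop and turning the reset under `/* Get flags */` into `info->flags &= USED_TBUF;`, which keeps the per-specifier reset where it was and makes it explicit that the tbuf bit must survive it. The commit message would also benefit from naming the case that overflowed, since the removed per-iteration check looked sufficient at first glance.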