[Qemu-devel] [PATCH 0/5] multiboot: Fix buffer overflow on invalid kernels

Kevin Wolf posted 5 patches 7 years, 7 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20180314173213.18563-1-kwolf@redhat.com
Test checkpatch passed
Test docker-build@min-glib passed
Test docker-mingw@fedora passed
Test docker-quick@centos6 passed
Test s390x passed
[Qemu-devel] [PATCH 0/5] multiboot: Fix buffer overflow on invalid kernels
Posted by Kevin Wolf 7 years, 7 months ago
Patch 1 fixes another Multiboot kernel validation bug that could cause
QEMU to load the kernel image file into a too small buffer. Patch 2 adds
another check to harden the code. The rest of the series adds Multiboot
test cases for kernels using the a.out kludge, which is where the recent
bugs were found.

Kevin Wolf (5):
  multiboot: Reject kernels exceeding the address space
  multiboot: Check validity of mh_header_addr
  tests/multiboot: Test exit code for every qemu run
  tests/multiboot: Add tests for the a.out kludge
  tests/multiboot: Add .gitignore

 hw/i386/multiboot.c             |   8 +++
 tests/multiboot/.gitignore      |   3 +
 tests/multiboot/Makefile        |  22 +++++--
 tests/multiboot/aout_kludge.S   | 138 ++++++++++++++++++++++++++++++++++++++++
 tests/multiboot/aout_kludge.out |  42 ++++++++++++
 tests/multiboot/run_test.sh     |  34 ++++++----
 6 files changed, 227 insertions(+), 20 deletions(-)
 create mode 100644 tests/multiboot/.gitignore
 create mode 100644 tests/multiboot/aout_kludge.S
 create mode 100644 tests/multiboot/aout_kludge.out

-- 
2.13.6
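The two checks the patch titles name (reject a kernel whose load range leaves the 32-bit address space; require mh_header_addr to be consistent with the load address and with where the header sits in the file) and the too-small-buffer outcome the cover letter describes, as an added stand-alone example. This is not code from the series or from hw/i386/multiboot.c: the struct, the two planning functions and the sample headers are constructed for illustration, with field names taken from the Multiboot specification's a.out kludge; only the sizing-relevant fields are modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* a.out kludge fields of a Multiboot header (names per the Multiboot spec).
 * Only the fields that determine buffer sizes are modelled here. */
struct aout_kludge {
    uint32_t header_addr;    /* guest address the header itself is loaded at */
    uint32_t load_addr;      /* guest address of the first byte copied from the file */
    uint32_t load_end_addr;  /* end of the copied range, 0 = copy to end of file */
    uint32_t bss_end_addr;   /* end of bss to zero, 0 = no bss */
};

struct load_plan {
    uint32_t file_offset;  /* file offset of the first copied byte */
    uint32_t load_size;    /* bytes copied from the file */
    uint32_t kernel_size;  /* bytes of guest memory reserved for the kernel */
};

/* Unchecked sizing, constructed for contrast (not QEMU's code): every
 * subtraction is 32-bit unsigned and wraps silently. A bss_end_addr that lies
 * inside the copied range makes kernel_size smaller than load_size, so the
 * copy from the file overruns the buffer, the bug class the cover letter names. */
static void naive_plan(const struct aout_kludge *k, uint32_t header_offset,
                       uint32_t file_size, struct load_plan *out)
{
    out->file_offset = header_offset - (k->header_addr - k->load_addr);
    out->load_size = k->load_end_addr ? k->load_end_addr - k->load_addr
                                      : file_size - out->file_offset;
    out->kernel_size = k->bss_end_addr ? k->bss_end_addr - k->load_addr
                                       : out->load_size;
}

/* Checked sizing: NULL and *out filled on success, otherwise a reason.
 * Each comparison precedes the subtraction it guards, so no result wraps. */
static const char *checked_plan(const struct aout_kludge *k,
                                uint32_t header_offset, uint32_t file_size,
                                struct load_plan *out)
{
    /* header_addr must be at or above load_addr, and their distance must not
     * exceed the header's file offset, or the load would start before byte 0. */
    if (k->header_addr < k->load_addr)
        return "header_addr below load_addr";
    uint32_t delta = k->header_addr - k->load_addr;
    if (delta > header_offset)
        return "header_addr inconsistent with header offset in file";
    uint32_t file_offset = header_offset - delta;
    if (file_offset >= file_size)
        return "load range starts past end of file";

    uint32_t load_size;
    if (k->load_end_addr) {
        if (k->load_end_addr < k->load_addr)
            return "load_end_addr below load_addr";
        load_size = k->load_end_addr - k->load_addr;
        if (load_size > file_size - file_offset)
            return "load range extends past end of file";
    } else {
        load_size = file_size - file_offset;
    }
    /* load_addr + load_size must not pass 4 GiB; tested as a subtraction so
     * the test itself cannot overflow. */
    if (load_size > UINT32_MAX - k->load_addr)
        return "kernel exceeds 32-bit address space";

    uint32_t kernel_size = load_size;
    if (k->bss_end_addr) {
        /* load_addr + load_size cannot wrap here: checked just above */
        if (k->bss_end_addr < k->load_addr + load_size)
            return "bss_end_addr inside the loaded range";
        kernel_size = k->bss_end_addr - k->load_addr;
    }
    out->file_offset = file_offset;
    out->load_size = load_size;
    out->kernel_size = kernel_size;
    return NULL;
}

int main(void)
{
    /* Constructed headers; the kernel "file" is 0x8000 bytes long with the
     * Multiboot header at file offset 0. */
    const struct aout_kludge good = { 0x100000, 0x100000, 0, 0x110000 };
    const struct aout_kludge small_bss = { 0x100000, 0x100000, 0, 0x100800 };
    const struct aout_kludge wraps = { 0xFFFFF000, 0xFFFFF000, 0, 0 };
    struct load_plan p;

    checked_plan(&good, 0, 0x8000, &p);
    printf("good: copy %#x bytes into %#x bytes\n",
           (unsigned)p.load_size, (unsigned)p.kernel_size);
    naive_plan(&small_bss, 0, 0x8000, &p);
    printf("naive: copy %#x bytes into %#x bytes (overflow)\n",
           (unsigned)p.load_size, (unsigned)p.kernel_size);
    printf("checked small_bss: %s\n", checked_plan(&small_bss, 0, 0x8000, &p));
    printf("checked wraps: %s\n", checked_plan(&wraps, 0, 0x10000, &p));
    return 0;
}
```

The order of the checks matters: the bss_end_addr comparison uses load_addr + load_size and is only safe because the address-space check ran first, and the load_end_addr comparison against the file only works because file_offset was already bounded by file_size.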


Re: [Qemu-devel] [PATCH 0/5] multiboot: Fix buffer overflow on invalid kernels
Posted by Jack Schwartz 7 years, 7 months ago
Hi Kevin.

I see an issue with the commit message of patch 1; please see my reply 
to that patch for details.  I fully understand patches 1, 2, 3, patch 4 
except for some of the Makefile black magic, and patch 5 looks 
reasonable to me.

So, for patches 2, 3, 4, 5:
     Reviewed-by: Jack Schwartz <jack.schwartz@oracle.com>

     Thanks,
     Jack

On 2018-03-14 10:32, Kevin Wolf wrote:
> Patch 1 fixes another Multiboot kernel validation bug that could cause
> QEMU to load the kernel image file into a too small buffer. Patch 2 adds
> another check to harden the code. The rest of the series adds Multiboot
> test cases for kernels using the a.out kludge, which is where the recent
> bugs were found.
>
> Kevin Wolf (5):
>    multiboot: Reject kernels exceeding the address space
>    multiboot: Check validity of mh_header_addr
>    tests/multiboot: Test exit code for every qemu run
>    tests/multiboot: Add tests for the a.out kludge
>    tests/multiboot: Add .gitignore
>
>   hw/i386/multiboot.c             |   8 +++
>   tests/multiboot/.gitignore      |   3 +
>   tests/multiboot/Makefile        |  22 +++++--
>   tests/multiboot/aout_kludge.S   | 138 ++++++++++++++++++++++++++++++++++++++++
>   tests/multiboot/aout_kludge.out |  42 ++++++++++++
>   tests/multiboot/run_test.sh     |  34 ++++++----
>   6 files changed, 227 insertions(+), 20 deletions(-)
>   create mode 100644 tests/multiboot/.gitignore
>   create mode 100644 tests/multiboot/aout_kludge.S
>   create mode 100644 tests/multiboot/aout_kludge.out
>