Commit cd186442 authored by Steve McIntyre's avatar Steve McIntyre

Merge branch 'hack' from 93sam

Changes:

 crash fixes
 generate dbx file at runtime
parents 8036ee26 549f650b
shim (15+1533136590.3beb971-7) UNRELEASED; urgency=medium
[ Ansgar Burchardt ]
* debian/control: Update Vcs-* fields
-- Ansgar Burchardt <ansgar@debian.org> Tue, 12 Mar 2019 21:22:28 +0100
[ Steve McIntyre ]
* Backport needed crash fixes:
+ VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
+ Fix OBJ_create() to tolerate a NULL sn and ln
* Build using gcc-7 to get better control of reproducibility during the
lifetime of Buster.
* Build in a dbx list to blacklist binaries that we know to not be
secure. Build-depend on a new (bug-fixed) version of pesign to
generate that list at build time, using a list of known bad hashes.
* Initial list of known bad hashes is just my personal test binary.
-- Steve McIntyre <93sam@debian.org> Fri, 03 May 2019 01:39:34 +0100
shim (15+1533136590.3beb971-6) unstable; urgency=medium
......
......@@ -4,7 +4,7 @@ Priority: optional
Maintainer: Debian EFI team <debian-efi@lists.debian.org>
Uploaders: Steve Langasek <vorlon@debian.org>, Steve McIntyre <93sam@debian.org>
Standards-Version: 4.3.0
Build-Depends: debhelper (>= 9), gnu-efi (>= 3.0u), sbsigntool, openssl, libelf-dev
Build-Depends: debhelper (>= 9), gnu-efi (>= 3.0u), sbsigntool, openssl, libelf-dev, gcc-7, pesign (>= 0.112-5)
Vcs-Browser: https://salsa.debian.org/efi-team/shim
Vcs-Git: https://salsa.debian.org/efi-team/shim.git
......
# debian-dbx.hashes
#
# This file contains the sha256 sums of the binaries that we want to
# blacklist directly in our signed shim. Add entries below, with comments
# to explain each entry (where possible).
#
# Format of this file: put hex-encoded sha256 checksums on lines on
# their own. I'm using shell-style comments just for clarity.
#
# The hashes are generated using:
#
# pesign --hash -in <binary>
#
# on *either* the signed or unsigned binary, pesign doesn't care
# which.
# Sledge's test arm64 grub binary
d0555468007c31bd75c1f1c984e5b4adbb464bc68e5dedd670535ee97acc7dd9
# Files from grub-efi-arm64-signed_1+2.02+dfsg1+16_arm64.deb
# (allows use of the devicetree command in secure mode)
# grubaa64.efi.signed
1c88f32ebd6ecd1a84d83940f78b0d69168a4ff57a1f57fd070e7307899bbc99
# grubnetaa64.efi.signed
7f5074f42eb92f183fa8748c92992bae8b23a963bc9f8b85692ee7116dc3dcb0
# gcdaa64.efi.signed
d9e95ad9ea0e0df522f7f41ef9fd9cb5e65cfb0c285465aabd077023e6edb6ba
# Files from grub-efi-arm64-signed_1+2.02+dfsg1+17_arm64.deb
# (allows use of the devicetree command in secure mode)
# grubaa64.efi.signed
77fb2b05450520eecdbbfa3070fb26405d151b576cd6dffc8cab6a2f0bcff10c
# grubnetaa64.efi.signed
d70b41ea19ea19836198252ac90b1b6fca40ad6baa3911b4a27e886e6423426a
# gcdaa64.efi.signed
44f20309d8b0f661da2c3cf225ba9c0f7b8a2d6ff3885ecba710e5907870ee24
commit 20e731f423a438f53738de73af9ef3d67c4cba2f
Author: Peter Jones <pjones@redhat.com>
Date: Tue Feb 12 18:04:49 2019 -0500
VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
VLogError() calculates the size of format strings by using calls to
SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
of "0" is special-cased to mean "there is no limit". So, we end up
writing our string to address 0x0. This was discovered because it
causes a crash on ARM where, unlike x86, it does not necessarily
have memory mapped at 0x0.
Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
handles the size calculation and allocation for us.
Signed-off-by: Peter Jones <pjones@redhat.com>
Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
[dannf: commit message ]
Signed-off-by: dann frazier <dann.frazier@canonical.com>
diff --git a/errlog.c b/errlog.c
index 18be482..eebb266 100644
--- a/errlog.c
+++ b/errlog.c
@@ -14,29 +14,20 @@ EFI_STATUS
VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
{
va_list args2;
- UINTN size = 0, size2;
CHAR16 **newerrs;
- size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
- va_copy(args2, args);
- size2 = VSPrint(NULL, 0, fmt, args2);
- va_end(args2);
-
newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
(nerrs + 3) * sizeof(*errs));
if (!newerrs)
return EFI_OUT_OF_RESOURCES;
- newerrs[nerrs] = AllocatePool(size*2+2);
+ newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
if (!newerrs[nerrs])
return EFI_OUT_OF_RESOURCES;
- newerrs[nerrs+1] = AllocatePool(size2*2+2);
+ va_copy(args2, args);
+ newerrs[nerrs+1] = VPoolPrint(fmt, args2);
if (!newerrs[nerrs+1])
return EFI_OUT_OF_RESOURCES;
-
- SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
- va_copy(args2, args);
- VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
va_end(args2);
nerrs += 2;
commit 3a9e237b1baddf0d3192755406befb3e9fa5ca80
Author: dann frazier <dann.frazier@canonical.com>
Date: Thu Mar 7 19:55:42 2019 -0700
Fix OBJ_create() to tolerate a NULL sn and ln
From: https://github.com/openssl/openssl/commit/f13615c5b828aeb8e3d9bf2545c803633d1c684f
Apply an upstream patch from OpenSSL to tolerate a NULL sn. This avoids
a NULL pointer reference in shim.c:verify_eku(). This was discovered
because it causes a crash on ARM where, unlike x86, it does not necessarily
have memory mapped at 0x0.
Fixes: 6c180c6004ac ("shim: verify Extended Key Usage flags")
Signed-off-by: dann frazier <dann.frazier@canonical.com>
diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
index 259851b..9b850ed 100644
--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
@@ -685,7 +685,8 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
int ok = 0;
/* Check to see if short or long name already present */
- if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) {
+ if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
+ || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
return 0;
}
fixup_git.patch
uname.patch
avoid_null_vsprint.patch
check_null_sn_ln.patch
......@@ -15,6 +15,9 @@ else
distributor=debian
endif
export DBX_LIST = dbx.esl
export DBX_HASHES = debian/$(distributor)-dbx.hashes
include /usr/share/dpkg/architecture.mk
ifeq ($(DEB_HOST_ARCH),amd64)
......@@ -34,17 +37,29 @@ COMMON_OPTIONS += \
EFI_PATH=/usr/lib \
ENABLE_HTTPBOOT=true \
VENDOR_CERT_FILE=$(cert) \
VENDOR_DBX_FILE=$(DBX_LIST) \
EFIDIR=$(distributor) \
CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- \
CC=$(DEB_HOST_GNU_TYPE)-gcc-7 \
$(NULL)
$(DBX_LIST):
if [ -f ${DBX_HASHES} ]; then \
for HASH in $$(grep -E [[:xdigit:]]{32} ${DBX_HASHES}); do \
efisiglist -o ${DBX_LIST} -a -h $$HASH; \
done; \
else \
touch ${DBX_LIST}; \
fi
%:
dh $@ --parallel
override_dh_auto_clean:
dh_auto_clean -- MAKELEVEL=0
rm -f $(DBX_LIST)
override_dh_auto_build:
override_dh_auto_build: $(DBX_LIST)
dh_auto_build -- $(COMMON_OPTIONS)
override_dh_auto_install:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment