linux-toradex.git/usr/gen_init_cpio.c, branch v3.2.73 Linux kernel for Apalis and Colibri modules gen_init_cpio: avoid stack overflow when expanding 2012-10-30T23:27:07+00:00 Kees Cook keescook@chromium.org 2012-10-25T20:38:14+00:00 4253a4a1c331f534be64365524e88f317c7f0824 commit 20f1de659b77364d55d4e7fad2ef657e7730323f upstream. Fix possible overflow of the buffer used for expanding environment variables when building file list. In the extremely unlikely case of an attacker having control over the environment variables visible to gen_init_cpio, control over the contents of the file gen_init_cpio parses, and gen_init_cpio was built without compiler hardening, the attacker can gain arbitrary execution control via a stack buffer overflow. $ cat usr/crash.list file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0 $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list *** buffer overflow detected ***: ./usr/gen_init_cpio terminated This also replaces the space-indenting with tabs. Patch based on existing fix extracted from grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Michal Marek <mmarek@suse.cz> Cc: Brad Spengler <spender@grsecurity.net> Cc: PaX Team <pageexec@freemail.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 
commit 20f1de659b77364d55d4e7fad2ef657e7730323f upstream.

Fix possible overflow of the buffer used for expanding environment
variables when building file list.

In the extremely unlikely case of an attacker having control over the
environment variables visible to gen_init_cpio, control over the
contents of the file gen_init_cpio parses, and gen_init_cpio was built
without compiler hardening, the attacker can gain arbitrary execution
control via a stack buffer overflow.

  $ cat usr/crash.list
  file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0
  $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list
  *** buffer overflow detected ***: ./usr/gen_init_cpio terminated

This also replaces the space-indenting with tabs.

Patch based on existing fix extracted from grsecurity.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
initramfs: Use KBUILD_BUILD_TIMESTAMP for generated entries 2011-04-18T12:27:52+00:00 Michal Marek mmarek@suse.cz 2011-03-31T21:16:42+00:00 a8b8017c34fefcb763d8b06c294b58d1c480b2e4 gen_init_cpio gets the current time and uses it for each symlink, special file, and directory. Grab the current time once and make it possible to override it with the KBUILD_BUILD_TIMESTAMP variable for reproducible builds. Signed-off-by: Michal Marek <mmarek@suse.cz> 
gen_init_cpio gets the current time and uses it for each symlink,
special file, and directory.  Grab the current time once and make it
possible to override it with the KBUILD_BUILD_TIMESTAMP variable for
reproducible builds.

Signed-off-by: Michal Marek <mmarek@suse.cz>
gen_init_cpio: checkpatch fixes 2011-01-05T22:49:53+00:00 Andrew Morton akpm@linux-foundation.org 2011-01-05T22:49:53+00:00 a3c888fcda911fcb6e3c071aecf49ccb6effe79d Cc: Jesper Juhl <jj@chaosbits.net> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Michal Marek <mmarek@suse.cz> 
Cc: Jesper Juhl <jj@chaosbits.net>
Cc: Michal Marek <mmarek@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
gen_init_cpio: Avoid race between call to stat() and call to open() 2010-12-29T14:06:54+00:00 Jesper Juhl jj@chaosbits.net 2010-12-24T20:28:56+00:00 96aebafa63418f447ddc823e40da341cc40553dd In usr/gen_init_cpio.c::cpio_mkfile() a call to stat() is made based on pathname, subsequently the file is open()'ed and then the value of the initial stat() call is used to allocate a buffer. This is not safe since the file may change between the call to stat() and the call to open(). Safer to just open() the file and then do fstat() using the filedescriptor returned by open. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Acked-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Michal Marek <mmarek@suse.cz> 
In usr/gen_init_cpio.c::cpio_mkfile() a call to stat() is made based on
pathname, subsequently the file is open()'ed and then the value of the
initial stat() call is used to allocate a buffer. This is not safe since
the file may change between the call to stat() and the call to open().
Safer to just open() the file and then do fstat() using the filedescriptor
returned by open.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
gen_init_cpio: remove leading `/' from file names 2010-12-02T13:28:50+00:00 Thomas Chou thomas@wytron.com.tw 2010-10-06T07:13:53+00:00 43f901fbc8ba94bfa8d58155ba9378d7a13af636 When we extracted the generated cpio archive using "cpio -id" command, it complained, cpio: Removing leading `/' from member names var/run cpio: Removing leading `/' from member names var/lib cpio: Removing leading `/' from member names var/lib/misc It is worse with the latest "cpio" or "pax", which tries to overwrite the host file system with the leading '/'. So the leading '/' of file names should be removed. This is consistent with the initramfs come with major distributions such as Fedora or Debian, etc. Signed-off-by: Thomas Chou <thomas@wytron.com.tw> Acked-by: Mike Frysinger<vapier@gentoo.org> Signed-off-by: Michal Marek <mmarek@suse.cz> 
When we extracted the generated cpio archive using "cpio -id" command,
it complained,

cpio: Removing leading `/' from member names
var/run
cpio: Removing leading `/' from member names
var/lib
cpio: Removing leading `/' from member names
var/lib/misc

It is worse with the latest "cpio" or "pax", which tries to overwrite
the host file system with the leading '/'.

So the leading '/' of file names should be removed. This is consistent
with the initramfs come with major distributions such as Fedora or
Debian, etc.

Signed-off-by: Thomas Chou <thomas@wytron.com.tw>
Acked-by: Mike Frysinger<vapier@gentoo.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
gen_init_cpio: fixed fwrite warning 2009-12-12T12:08:17+00:00 Mike Frysinger vapier@gentoo.org 2009-12-09T11:55:19+00:00 6d87fea4dd7152df4a4605a3846c3bf10f869e0c On compilers with security warnings enabled by default, we get: usr/gen_init_cpio.c: In function ‘cpio_mkfile’: usr/gen_init_cpio.c:357: warning: ignoring return value of ‘fwrite’, declared with attribute warn_unused_result So check the return value and handle errors accordingly. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Michal Marek <mmarek@suse.cz> 
On compilers with security warnings enabled by default, we get:

usr/gen_init_cpio.c: In function ‘cpio_mkfile’:
usr/gen_init_cpio.c:357: warning: ignoring return value of ‘fwrite’,
                                  declared with attribute warn_unused_result

So check the return value and handle errors accordingly.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Fix all -Wmissing-prototypes warnings in x86 defconfig 2009-09-23T14:39:28+00:00 Trevor Keith tsrk@tsrk.net 2009-09-22T23:43:38+00:00 5c725138437837291db5c25f4a076ee852e806e3 Signed-off-by: Trevor Keith <tsrk@tsrk.net> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Signed-off-by: Trevor Keith <tsrk@tsrk.net>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kbuild: gen_init_cpio expands shell variables in file names 2008-12-03T20:32:03+00:00 Sally, Gene Gene.Sally@timesys.com 2008-10-29T13:54:17+00:00 3b1ec9fb8197197d5e3bcca3a05e82d4f50f11bc Modify gen_init_cpio so that lines that specify files can contain what looks like a shell variable that's expanded during processing. For example: file /sbin/kinit ${RFS_BASE}/usr/src/klibc/kinit/kinit 0755 0 0 given RFS_BASE is "/some/directory" in the environment would be expanded to file /sbin/kinit /some/directory/usr/src/klibc/kinit/kinit 0755 0 0 If several environment variables appear in a line, they are all expanded with processing happening from left to right. Undefined variables expand to a null string. Syntax errors stop processing, letting the existing error handling show the user offending line. This patch helps embedded folks who frequently create several RFS directories and then switch between them as they're tuning an initramfs. Signed-off-by: gene.sally@timesys.com Signed-off-by: Sam Ravnborg <sam@ravnborg.org> 
Modify gen_init_cpio so that lines that specify files can contain
what looks like a shell variable that's expanded during processing.

For example:

   file /sbin/kinit ${RFS_BASE}/usr/src/klibc/kinit/kinit 0755 0 0

given RFS_BASE is "/some/directory" in the environment

would be expanded to

   file /sbin/kinit /some/directory/usr/src/klibc/kinit/kinit 0755 0 0

If several environment variables appear in a line, they are all expanded
with processing happening from left to right.
Undefined variables expand to a null string.
Syntax errors stop processing, letting the existing error handling
show the user offending line.

This patch helps embedded folks who frequently create several
RFS directories and then switch between them as they're tuning
an initramfs.

Signed-off-by: gene.sally@timesys.com
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
kbuild: add support for reading stdin with gen_init_cpio 2007-07-16T19:15:52+00:00 Mike Frysinger vapier@gentoo.org 2007-05-11T05:44:28+00:00 f2434ec1e08e44c2568b29c2879b3346aa29dbd2 Treat an argument of "-" as meaning "read stdin for cpio files" so gen_init_cpio can be piped into. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sam Ravnborg <sam@ravnborg.org> 
Treat an argument of "-" as meaning "read stdin for cpio files" so
gen_init_cpio can be piped into.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
[PATCH] usr/gen_init_cpio.c: support for hard links 2007-02-11T18:51:25+00:00 Luciano Rocha strange@nsk.no-ip.org 2007-02-10T09:44:45+00:00 24fa50961451b7b21081e4d16836952b17eb5fb3 Extend usr/gen_init_cpio.c "file" entry, adding support for hard links. Previous format: file <name> <location> <mode> <uid> <gid> New format: file <name> <location> <mode> <uid> <gid> [<hard links>] The hard links specification is optional, keeping the previous behaviour. All hard links are defined sequentially in the resulting cpio and the file data is present only in the last link. This is the behaviour of GNU's cpio and is supported by the kernel initramfs extractor. Signed-off-by: Luciano Rocha <strange@nsk.no-ip.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Extend usr/gen_init_cpio.c "file" entry, adding support for hard links.

Previous format:
file <name> <location> <mode> <uid> <gid>

New format:
file <name> <location> <mode> <uid> <gid> [<hard links>]

The hard links specification is optional, keeping the previous
behaviour.

All hard links are defined sequentially in the resulting cpio and the
file data is present only in the last link. This is the behaviour of
GNU's cpio and is supported by the kernel initramfs extractor.

Signed-off-by: Luciano Rocha <strange@nsk.no-ip.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>