On Wed, Feb 02, 2022 at 07:27:00PM -0500, Alec Brown wrote: > In grub-module-verifierXX.c, the function grub_module_verifyXX() performs an > initial check that the ELF section headers are within the module's size but > doesn't check if the sections being accessed have contents that are within the > module's size. In particular, we need to check that sh_offset and sh_size are > less than the module's size. However, for some section header types we don't > need to make these checks. For the type SHT_NULL, the section header is marked > as inactive and the rest of the members within the section header have > undefined > values, so we don't need to check for sh_offset or sh_size. In the case of the > type SHT_NOBITS, sh_offset has a conceptual offset which may be beyond the > module size. Also, this type's sh_size may have a non-zero size, but a section > of this type will take up no space in the module. This can all be checked in > the > function get_shdr(), but in order to do so, the parameter module_size must be > added to functions so that the value of the module size can be used in > get_shdr() from grub_module_verifyXX(). > > Signed-off-by: Alec Brown <alec.r.br...@oracle.com>
Sadly this patch breaks one of ARM builds: build-grub-module-verifier: error: Section 12 starts after the end of the module. Makefile:47473: recipe for target 'disk.mod' failed make[3]: *** [disk.mod] Error 1 make[3]: *** Waiting for unfinished jobs.... build-grub-module-verifier: error: Section 12 starts after the end of the module. Makefile:47473: recipe for target 'boot.mod' failed make[3]: *** [boot.mod] Error 1 ... You can reproduce this by doing: ./configure --target=arm-linux-gnueabihf --with-platform=coreboot --enable-grub-mkfont --prefix="`pwd`/grub-dist" make install I have taken the rest of patches and skipped this one. Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
