3027 installgrub can segfault when encountering bogus data on disk
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 #include <stdio.h>
26 #include <errno.h>
27 #include <assert.h>
28 #include <unistd.h>
29 #include <libintl.h>
30 #include <sys/multiboot.h>
31 #include <sys/sysmacros.h>
32
33 #include "bblk_einfo.h"
34 #include "boot_utils.h"
35 #include "mboot_extra.h"
36
37 /*
38 * Common functions to deal with the fake-multiboot encapsulation of the
39 * bootblock and the location of the extra information area.
40 */
41
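/*
 * mboot checksum routine.
 *
 * Adds up the first `size' bytes of `data' as native-endian 32-bit words and
 * returns the negated sum, so that (sum of the words + return value) == 0.
 *
 * Both callers in this file hand in data that sits behind a bb_header_ext_t,
 * and find_einfo() takes `size' from the buffer itself, so the routine is
 * written to stay inside [data, data + size):
 *  - bytes are gathered through an unsigned char pointer, because a char *
 *    carries no alignment guarantee for a direct uint32_t load;
 *  - a trailing partial word (size not a multiple of 4) is zero-padded
 *    instead of being read as a full word past the end of the range;
 *  - the loop counts down the remaining bytes, so it terminates for every
 *    value of `size' (an up-counting index could wrap near UINT32_MAX).
 * For sizes that are a multiple of 4 the result is the same as a plain
 * word-by-word sum.
 *
 * This is a simple additive checksum: it detects accidental corruption, it
 * does not authenticate the data.
 */
uint32_t
compute_checksum(char *data, uint32_t size)
{
	const unsigned char	*src = (const unsigned char *)data;
	uint32_t		cksum = 0;
	uint32_t		left = size;

	while (left > 0) {
		uint32_t	word = 0;
		unsigned char	*wp = (unsigned char *)&word;
		uint32_t	take;
		uint32_t	k;

		take = (left < sizeof (uint32_t)) ?
		    left : (uint32_t)sizeof (uint32_t);

		/* Byte copy keeps the native word layout of the input. */
		for (k = 0; k < take; k++)
			wp[k] = src[k];

		cksum += word;
		src += take;
		left -= take;
	}

	return (-cksum);
}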
56
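/*
 * Given a buffer, look for a multiboot header within it.
 *
 * Scans `buffer' in 4-byte steps for MB_HEADER_MAGIC, then requires the
 * header checksum to equal -(flags + magic) and BB_MBOOT_AOUT_FLAG to be set
 * in the flags. On success the byte offset of the header is stored in
 * *mboot_off and BC_SUCCESS is returned; otherwise *mboot_off is left at 0
 * and BC_ERROR is returned.
 *
 * The buffer holds data read from disk, so its length cannot be trusted to
 * be sane: a buffer shorter than one multiboot_header_t is rejected up
 * front. Without that check the unsigned subtraction below would wrap and
 * the scan would run far past the end of the buffer.
 *
 * NOTE(review): the scan reads `buffer' through uint32_t/multiboot_header_t
 * pointers, which assumes the caller passes a suitably aligned buffer --
 * confirm against the callers.
 */
int
find_multiboot(char *buffer, uint32_t buf_size, uint32_t *mboot_off)
{
	multiboot_header_t	*mboot;
	uint32_t		*iter;
	uint32_t		cksum;
	uint32_t		boundary;
	uint32_t		i;

	iter = (uint32_t *)buffer;
	*mboot_off = 0;
	/* multiboot header has to be within the first 32K. */
	boundary = MBOOT_SCAN_SIZE;
	if (boundary > buf_size)
		boundary = buf_size;

	/* Not even room for one header: nothing to find, and no wrap-around. */
	if (boundary < sizeof (multiboot_header_t))
		return (BC_ERROR);

	boundary = boundary - sizeof (multiboot_header_t);

	/* Unsigned index: it is compared against, and stored as, a uint32_t. */
	for (i = 0; i < boundary; i += 4, iter++) {

		mboot = (multiboot_header_t *)iter;
		if (mboot->magic != MB_HEADER_MAGIC)
			continue;

		/* Found magic signature -- check checksum. */
		cksum = -(mboot->flags + mboot->magic);
		if (mboot->checksum != cksum) {
			BOOT_DEBUG("multiboot magic found at %p, but checksum "
			    "mismatches (is %x, should be %x)\n", (void *)mboot,
			    mboot->checksum, cksum);
			continue;
		}

		if (!(mboot->flags & BB_MBOOT_AOUT_FLAG)) {
			BOOT_DEBUG("multiboot structure found, but no "
			    "AOUT kludge specified, skipping.\n");
			continue;
		}

		/* proper multiboot structure found. */
		*mboot_off = i;
		return (BC_SUCCESS);
	}

	return (BC_ERROR);
}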
104
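/*
 * Given a pointer to the extra information area (a sequence of bb_header_ext_t
 * + payload chunks), find the extended information structure.
 *
 * Returns a pointer to the bblk_einfo_t that follows the first
 * bb_header_ext_t, or NULL when the header checksum does not match or the
 * payload does not start with EINFO_MAGIC.
 *
 * NOTE(review): ext_header->size is taken from the buffer and handed to
 * compute_checksum() without an upper bound, and this function receives no
 * buffer length to compare it with. With corrupted on-disk data the checksum
 * pass can therefore walk past the end of the caller's buffer. Callers must
 * validate ext_header->size against the amount of data they actually read
 * before calling; a complete fix needs a length argument on this function.
 *
 * The checksum and the size it covers live in the same buffer, so a match
 * only indicates the data is not accidentally corrupted.
 */
bblk_einfo_t *
find_einfo(char *extra)
{
	bb_header_ext_t		*ext_header;
	bblk_einfo_t		*einfo;
	uint32_t		cksum;

	assert(extra != NULL);

	ext_header = (bb_header_ext_t *)extra;
	cksum = compute_checksum(extra + sizeof (bb_header_ext_t),
	    ext_header->size);
	BOOT_DEBUG("Extended information header checksum is %x\n", cksum);

	if (cksum != ext_header->checksum) {
		BOOT_DEBUG("Unable to find extended versioning information, "
		    "data looks corrupted\n");
		return (NULL);
	}

	/*
	 * Currently we only have one extra header so it must be encapsulating
	 * the extended information structure.
	 */
	einfo = (bblk_einfo_t *)(extra + sizeof (bb_header_ext_t));
	if (memcmp(einfo->magic, EINFO_MAGIC, EINFO_MAGIC_SIZE) != 0) {
		BOOT_DEBUG("Unable to read stage2 extended versioning "
		    "information, wrong magic identifier\n");
		/*
		 * On this path the magic bytes are by definition not what we
		 * expect and need not be NUL-terminated, so bound the print
		 * to the EINFO_MAGIC_SIZE bytes that memcmp() looked at.
		 */
		BOOT_DEBUG("Found %.*s, expected %s\n", (int)EINFO_MAGIC_SIZE,
		    (const char *)einfo->magic, EINFO_MAGIC);
		return (NULL);
	}

	return (einfo);
}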
144
/*
 * Given a pointer to the extra area, add the extended information structure
 * encapsulated by a bb_header_ext_t structure.
 *
 * Layout written at `extra': a bb_header_ext_t immediately followed by the
 * payload produced by prepare_and_write_einfo(). The header's size field is
 * the payload length rounded up to a multiple of 8, and its checksum is
 * computed over that rounded length.
 *
 * Returns silently (leaving the header untouched) when updt_str is NULL or
 * when the payload cannot be written.
 *
 * NOTE(review): the rounded-up size is not compared with avail_space here,
 * and the checksum covers up to 7 padding bytes beyond used_space --
 * presumably the caller's buffer is large enough and pre-initialised;
 * confirm against the caller.
 * NOTE(review): the debug message below names add_stage2_einfo() rather than
 * this function; left as is because it is runtime text.
 */
void
add_einfo(char *extra, char *updt_str, bblk_hs_t *hs, uint32_t avail_space)
{
	bb_header_ext_t	*hdr;
	unsigned char	*payload;
	uint32_t	payload_len;

	assert(extra != NULL);

	if (updt_str == NULL) {
		BOOT_DEBUG("WARNING: no update string passed to "
		    "add_stage2_einfo()\n");
		return;
	}

	/* The header sits at the front; the payload starts right behind it. */
	hdr = (bb_header_ext_t *)extra;
	payload = (unsigned char *)extra + sizeof (*hdr);

	/* Place the extended information structure. */
	if (prepare_and_write_einfo(payload, updt_str, hs, avail_space,
	    &payload_len) != 0) {
		(void) fprintf(stderr, gettext("Unable to write the extended "
		    "versioning information\n"));
		return;
	}

	/* Fill the extended information associated header. */
	hdr->size = P2ROUNDUP(payload_len, 8);
	hdr->checksum = compute_checksum((char *)payload, hdr->size);
}
--- EOF ---