Print this page
3027 installgrub can segfault when encountering bogus data on disk
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/boot/common/mboot_extra.c
+++ new/usr/src/cmd/boot/common/mboot_extra.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
23 23 */
24 24
25 25 #include <stdio.h>
26 26 #include <errno.h>
27 27 #include <assert.h>
28 28 #include <unistd.h>
29 29 #include <libintl.h>
30 30 #include <sys/multiboot.h>
31 31 #include <sys/sysmacros.h>
32 32
33 33 #include "bblk_einfo.h"
34 34 #include "boot_utils.h"
35 35 #include "mboot_extra.h"
36 36
37 37 /*
38 38 * Common functions to deal with the fake-multiboot encapsulation of the
39 39 * bootblock and the location of the extra information area.
40 40 */
41 41
42 42 /* mboot checksum routine. */
43 43 uint32_t
44 44 compute_checksum(char *data, uint32_t size)
45 45 {
46 46 uint32_t *ck_ptr;
47 47 uint32_t cksum = 0;
48 48 int i;
49 49
50 50 ck_ptr = (uint32_t *)data;
51 51 for (i = 0; i < size; i += sizeof (uint32_t))
52 52 cksum += *ck_ptr++;
53 53
54 54 return (-cksum);
55 55 }
56 56
57 57 /* Given a buffer, look for a multiboot header within it. */
58 58 int
59 59 find_multiboot(char *buffer, uint32_t buf_size, uint32_t *mboot_off)
60 60 {
61 61 multiboot_header_t *mboot;
62 62 uint32_t *iter;
63 63 uint32_t cksum;
64 64 uint32_t boundary;
65 65 int i = 0;
66 66
67 67 iter = (uint32_t *)buffer;
68 68 *mboot_off = 0;
69 69 /* multiboot header has to be within the first 32K. */
70 70 boundary = MBOOT_SCAN_SIZE;
71 71 if (boundary > buf_size)
72 72 boundary = buf_size;
73 73
74 74 boundary = boundary - sizeof (multiboot_header_t);
75 75
76 76 for (i = 0; i < boundary; i += 4, iter++) {
77 77
78 78 mboot = (multiboot_header_t *)iter;
79 79 if (mboot->magic != MB_HEADER_MAGIC)
80 80 continue;
81 81
82 82 /* Found magic signature -- check checksum. */
83 83 cksum = -(mboot->flags + mboot->magic);
84 84 if (mboot->checksum != cksum) {
85 85 BOOT_DEBUG("multiboot magic found at %p, but checksum "
86 86 "mismatches (is %x, should be %x)\n", mboot,
87 87 mboot->checksum, cksum);
88 88 continue;
89 89 } else {
90 90 if (!(mboot->flags & BB_MBOOT_AOUT_FLAG)) {
91 91 BOOT_DEBUG("multiboot structure found, but no "
92 92 "AOUT kludge specified, skipping.\n");
93 93 continue;
94 94 } else {
95 95 /* proper multiboot structure found. */
96 96 *mboot_off = i;
97 97 return (BC_SUCCESS);
98 98 }
99 99 }
100 100 }
101 101
102 102 return (BC_ERROR);
103 103 }
104 104
105 105 /*
106 106 * Given a pointer to the extra information area (a sequence of bb_header_ext_t
107 107 * + payload chunks), find the extended information structure.
|
↓ open down ↓ |
107 lines elided |
↑ open up ↑ |
108 108 */
109 109 bblk_einfo_t *
110 110 find_einfo(char *extra)
111 111 {
112 112 bb_header_ext_t *ext_header;
113 113 bblk_einfo_t *einfo;
114 114 uint32_t cksum;
115 115
116 116 assert(extra != NULL);
117 117
118 - ext_header = (bb_header_ext_t *)extra;
119 - cksum = compute_checksum(extra + sizeof (bb_header_ext_t),
120 - ext_header->size);
121 - BOOT_DEBUG("Extended information header checksum is %x\n", cksum);
122 -
123 - if (cksum != ext_header->checksum) {
124 - BOOT_DEBUG("Unable to find extended versioning information, "
125 - "data looks corrupted\n");
126 - return (NULL);
127 - }
128 -
129 118 /*
130 119 * Currently we only have one extra header so it must be encapsulating
131 120 * the extended information structure.
132 121 */
133 122 einfo = (bblk_einfo_t *)(extra + sizeof (bb_header_ext_t));
134 123 if (memcmp(einfo->magic, EINFO_MAGIC, EINFO_MAGIC_SIZE) != 0) {
135 124 BOOT_DEBUG("Unable to read stage2 extended versioning "
136 125 "information, wrong magic identifier\n");
137 126 BOOT_DEBUG("Found %s, expected %s\n", einfo->magic,
138 127 EINFO_MAGIC);
139 128 return (NULL);
140 129 }
130 +
131 + ext_header = (bb_header_ext_t *)extra;
132 + cksum = compute_checksum(extra + sizeof (bb_header_ext_t),
133 + ext_header->size);
134 + BOOT_DEBUG("Extended information header checksum is %x\n", cksum);
135 +
136 + if (cksum != ext_header->checksum) {
137 + BOOT_DEBUG("Unable to find extended versioning information, "
138 + "data looks corrupted\n");
139 + return (NULL);
140 + }
141 141
142 142 return (einfo);
143 143 }
144 144
145 145 /*
146 146 * Given a pointer to the extra area, add the extended information structure
147 147 * encapsulated by a bb_header_ext_t structure.
148 148 */
149 149 void
150 150 add_einfo(char *extra, char *updt_str, bblk_hs_t *hs, uint32_t avail_space)
151 151 {
152 152 bb_header_ext_t *ext_hdr;
153 153 uint32_t used_space;
154 154 unsigned char *dest;
155 155 int ret;
156 156
157 157 assert(extra != NULL);
158 158
159 159 if (updt_str == NULL) {
160 160 BOOT_DEBUG("WARNING: no update string passed to "
161 161 "add_stage2_einfo()\n");
162 162 return;
163 163 }
164 164
165 165 /* Reserve space for the extra header. */
166 166 ext_hdr = (bb_header_ext_t *)extra;
167 167 dest = (unsigned char *)extra + sizeof (*ext_hdr);
168 168 /* Place the extended information structure. */
169 169 ret = prepare_and_write_einfo(dest, updt_str, hs, avail_space,
170 170 &used_space);
171 171 if (ret != 0) {
172 172 (void) fprintf(stderr, gettext("Unable to write the extended "
173 173 "versioning information\n"));
174 174 return;
175 175 }
176 176
177 177 /* Fill the extended information associated header. */
178 178 ext_hdr->size = P2ROUNDUP(used_space, 8);
179 179 ext_hdr->checksum = compute_checksum((char *)dest, ext_hdr->size);
180 180 }
|
↓ open down ↓ |
30 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX