Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test ImageAddress() #579

Merged
merged 6 commits into from
Jun 23, 2023
Merged

Test ImageAddress() #579

merged 6 commits into from
Jun 23, 2023

Conversation

vathpela
Copy link
Contributor

@vathpela vathpela commented Jun 23, 2023

This adds the very beginnings of a tester for our PE loader, including one minor bugfix and a test for it. Note that this is on top of #578.

This doesn't fully test the loader (or even come close), but it gets us to the point where test cases can be added.

vathpela added 3 commits June 23, 2023 14:04
This adds a make rule to generate compile_commands.json, which some
verifier tools depend on.

Signed-off-by: Peter Jones <[email protected]>
In binutils-2.39, GNU ld has added a warning when linking objects that
don't have a .note.GNU-stack section.  Since we build with
"--fatal-warnings", this causes a failure:

ld: warning: cert.o: missing .note.GNU-stack section implies executable stack
ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker

This patch adds those sections to all of the .S files, so that they will
be in the objects, as well as updating our gnu-efi tree the same way.

Signed-off-by: Peter Jones <[email protected]>
In a few places we put dprintf() at places where the compiler will get
confused if it isn't a block or a statement.

Obviously, it should be a statement, so this makes it one.

Signed-off-by: Peter Jones <[email protected]>
@vathpela vathpela requested a review from jsetje June 23, 2023 18:12
@vathpela vathpela force-pushed the test-image-address branch 2 times, most recently from 5ececf6 to d7b1a5b Compare June 23, 2023 18:27
vathpela added 3 commits June 23, 2023 14:38
CentOS 7 and RHEL 7 are EOL, and their ancient compiler is EOL along
with them.  Removing them from our test environments means we'll have to
do some minor backports if they come back from the dead, but lets us use
__builtin_add_overflow() and friends without gross hacks today.

This change removes those builds from our PR tests.

Signed-off-by: Peter Jones <[email protected]>
This moves the parts of pe.c that *don't* depend on Cryptlib into
pe-relocate.c, so we can write test cases for them without having to
make a second openssl build without EFI support.

Signed-off-by: Peter Jones <[email protected]>
This adds a test case for our address sanitation checking function
ImageAddresS().  In doing so it addresses two issues:

- previously we allowed the address after the last byte of the image to
  be computed (may need to revert this or fix some callers, we'll see...)
- bespoke overflow checking and using + directly instead of using
  __builtin_add_overflow()

Signed-off-by: Peter Jones <[email protected]>
@vathpela vathpela force-pushed the test-image-address branch from d7b1a5b to d0447b7 Compare June 23, 2023 18:38
@vathpela vathpela changed the title Test image address Test ImageAddress() Jun 23, 2023
@jsetje jsetje merged commit 569270d into rhboot:main Jun 23, 2023
vathpela added a commit that referenced this pull request Jan 23, 2024
What's changed
* Various CVE fixes:
  CVE-2023-40546 mok: fix LogError() invocation
  CVE-2023-40547 - avoid incorrectly trusting HTTP headers
  CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
  CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
  CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
  CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
* Add make infrastructure to set the NX_COMPAT flag by @vathpela in #530
* Make sbat_var.S parse right with buggy gcc/binutils by @vathpela in #535
* Drop invalid calls to CRYPTO_set_mem_functions by @nicholasbishop in #537
* pe: Align section size up to page size for mem attrs by @nicholasbishop in #539
* test-sbat: Fix exit code by @vathpela in #540
* pe: Add IS_PAGE_ALIGNED macro by @nicholasbishop in #541
* CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper by @nicholasbishop in #546
* Don't loop forever in load_certs() with buggy firmware by @rmetrich in #547
* Block Debian grub binaries with SBAT < 4 by @steve-mcintyre in #550
* Shim unable to locate grubx64 in PXE boot mode when grubx64 is stored in a different file path by @Alberto-Perez-Guevara in #551
* Further improve load_certs() for non-compliant drivers/firmwares by @pbatard in #560
* pe: only process RelocDir->Size of reloc section by @mikebeaton in #562
* Rename 'msecs' to 'usecs' to avoid potential confusion by @aronowski in #563
* Optionally allow to keep shim protocol installed by @bluca in #565
* SBAT-related documents formatting and spelling by @aronowski in #566
* Add SbatLevel_Variable.txt to document the various revocations by @jsetje in #569
* Add a security contact email address in README.md by @vathpela in #572
* Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL by @vathpela in #576
* mok: fix LogError() invocation by @vathpela in #577
* Minor housekeeping by @vathpela in #578
* Test ImageAddress() by @vathpela in #579
* FreePages() is used to return memory allocated by AllocatePages() by @dennis-tseng99 in #580
* Size should minus 1 when calculating 'RelocBaseEnd' by @jsetje in #581
* Verify signature before verifying sbat levels by @jsetje in #583
* Add libFuzzer support for csv.c and sbat.c by @vathpela in #584
* mok: Avoid underflow in maximum variable size calculation by @alpernebbi in #587
* Housekeeping by @vathpela in #605

Signed-off-by: Peter Jones <[email protected]>
brianredbeard pushed a commit to brianredbeard/redhat-efi-boot-shim that referenced this pull request Feb 22, 2024
What's changed
* Various CVE fixes:
  CVE-2023-40546 mok: fix LogError() invocation
  CVE-2023-40547 - avoid incorrectly trusting HTTP headers
  CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
  CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
  CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
  CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
* Add make infrastructure to set the NX_COMPAT flag by @vathpela in rhboot#530
* Make sbat_var.S parse right with buggy gcc/binutils by @vathpela in rhboot#535
* Drop invalid calls to CRYPTO_set_mem_functions by @nicholasbishop in rhboot#537
* pe: Align section size up to page size for mem attrs by @nicholasbishop in rhboot#539
* test-sbat: Fix exit code by @vathpela in rhboot#540
* pe: Add IS_PAGE_ALIGNED macro by @nicholasbishop in rhboot#541
* CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper by @nicholasbishop in rhboot#546
* Don't loop forever in load_certs() with buggy firmware by @rmetrich in rhboot#547
* Block Debian grub binaries with SBAT < 4 by @steve-mcintyre in rhboot#550
* Shim unable to locate grubx64 in PXE boot mode when grubx64 is stored in a different file path by @Alberto-Perez-Guevara in rhboot#551
* Further improve load_certs() for non-compliant drivers/firmwares by @pbatard in rhboot#560
* pe: only process RelocDir->Size of reloc section by @mikebeaton in rhboot#562
* Rename 'msecs' to 'usecs' to avoid potential confusion by @aronowski in rhboot#563
* Optionally allow to keep shim protocol installed by @bluca in rhboot#565
* SBAT-related documents formatting and spelling by @aronowski in rhboot#566
* Add SbatLevel_Variable.txt to document the various revocations by @jsetje in rhboot#569
* Add a security contact email address in README.md by @vathpela in rhboot#572
* Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL by @vathpela in rhboot#576
* mok: fix LogError() invocation by @vathpela in rhboot#577
* Minor housekeeping by @vathpela in rhboot#578
* Test ImageAddress() by @vathpela in rhboot#579
* FreePages() is used to return memory allocated by AllocatePages() by @dennis-tseng99 in rhboot#580
* Size should minus 1 when calculating 'RelocBaseEnd' by @jsetje in rhboot#581
* Verify signature before verifying sbat levels by @jsetje in rhboot#583
* Add libFuzzer support for csv.c and sbat.c by @vathpela in rhboot#584
* mok: Avoid underflow in maximum variable size calculation by @alpernebbi in rhboot#587
* Housekeeping by @vathpela in rhboot#605

Signed-off-by: Peter Jones <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants