From 085cbdafca9c3d7bc2f27523a343f61db82f2ccb Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 15 Nov 2021 19:26:51 +0100 Subject: [PATCH 1/6] pxe: simplify label_boot() Coverity CID 131256 indicates a possible buffer overflow in label_boot(). This would only occur if the size of the downloaded file would exceed 4 GiB. But anyway we can simplify the code by using snprintf() and checking the return value. Addresses-Coverity-ID: 131256 ("Security best practices violations (STRING_OVERFLOW)") Signed-off-by: Heinrich Schuchardt Reviewed-by: Ramon Fried Reviewed-by: Artem Lapkin --- boot/pxe_utils.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c index b08aee9896b..defbe465e40 100644 --- a/boot/pxe_utils.c +++ b/boot/pxe_utils.c @@ -532,11 +532,10 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label) } initrd_addr_str = env_get("ramdisk_addr_r"); - strcpy(initrd_filesize, simple_xtoa(size)); - - strncpy(initrd_str, initrd_addr_str, 18); - strcat(initrd_str, ":"); - strncat(initrd_str, initrd_filesize, 9); + size = snprintf(initrd_str, sizeof(initrd_str), "%s:%lx", + initrd_addr_str, size); + if (size >= sizeof(initrd_str)) + return 1; } if (get_relfile_envaddr(ctx, label->kernel, "kernel_addr_r", From 00fa8256b5c9b3ccbccbdfa8026bce2efd66d630 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Mon, 7 Feb 2022 19:14:02 +0100 Subject: [PATCH 2/6] cli: support bracketed paste Some consoles use CSI 200~ and CSI 201~ to bracket inserts. This leads U-Boot to misinterpret the inserted string. Ignore these escape sequences. Signed-off-by: Heinrich Schuchardt --- common/cli_readline.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/common/cli_readline.c b/common/cli_readline.c index c7614a4c90f..e86ee73faf7 100644 --- a/common/cli_readline.c +++ b/common/cli_readline.c @@ -321,6 +321,7 @@ static int cread_line(const char *const prompt, char *buf, unsigned int *len, act = ESC_CONVERTED; break; /* pass off to ^N handler */ case '1': + case '2': case '3': case '4': case '7': @@ -332,7 +333,8 @@ static int cread_line(const char *const prompt, char *buf, unsigned int *len, break; } } else if (esc_len == 3) { - if (ichar == '~') { + switch (ichar) { + case '~': switch (esc_save[2]) { case '3': /* Delete key */ ichar = CTL_CH('d'); @@ -349,9 +351,25 @@ static int cread_line(const char *const prompt, char *buf, unsigned int *len, act = ESC_CONVERTED; break; /* pass to ^E handler */ } + break; + case '0': + if (esc_save[2] == '2') + act = ESC_SAVE; + break; + } + } else if (esc_len == 4) { + switch (ichar) { + case '0': + case '1': + act = ESC_SAVE; + break; /* bracketed paste */ + } + } else if (esc_len == 5) { + if (ichar == '~') { /* bracketed paste */ + ichar = 0; + act = ESC_CONVERTED; } } - switch (act) { case ESC_SAVE: esc_save[esc_len++] = ichar; From 996839870436acc4e7b791b72c9c8d4a78bf4426 Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 2 Jul 2022 18:53:21 +0000 Subject: [PATCH 3/6] doc: add package uuid-dev to build dependencies Building mkeficapsule requires include uuid/uuid.h Signed-off-by: Heinrich Schuchardt --- doc/build/gcc.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/build/gcc.rst b/doc/build/gcc.rst index 682051abeb2..ee544ad87ee 100644 --- a/doc/build/gcc.rst +++ b/doc/build/gcc.rst @@ -30,7 +30,7 @@ Depending on the build targets further packages maybe needed pkg-config python3 python3-asteval python3-coverage \ python3-pkg-resources python3-pycryptodome python3-pyelftools \ python3-pytest python3-sphinxcontrib.apidoc python3-sphinx-rtd-theme \ - python3-subunit python3-testtools python3-virtualenv swig + python3-subunit python3-testtools python3-virtualenv swig uuid-dev SUSE based ~~~~~~~~~~ From 8f4c7ad7a07f940566bcb17e5c0c1b38254b17af Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Sat, 16 Jul 2022 06:19:08 +0200 Subject: [PATCH 4/6] doc: typo 'formatted' in codingstyle.rst %s/formatted/format/ Fixes: 4211fb2ef6dd ("doc: Migrate CodingStyle wiki page to Sphinx") Signed-off-by: Heinrich Schuchardt Reviewed-by: Tom Rini --- doc/develop/codingstyle.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/develop/codingstyle.rst b/doc/develop/codingstyle.rst index 2b13818a8ce..a6bc37bbb44 100644 --- a/doc/develop/codingstyle.rst +++ b/doc/develop/codingstyle.rst @@ -41,7 +41,7 @@ The following rules apply: * The exception here is Python which requires 4 spaces instead. - * All source files need to be in "Unix" and not "DOS" or "Windows" formatted, + * All source files need to be in "Unix" and not "DOS" or "Windows" format, with respect to line ends. * Do not add more than 2 consecutive empty lines to source files From 2eb328ea6136e461537ec5f67bcb73581ab30c9d Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 14 Jul 2022 08:36:29 +0200 Subject: [PATCH 5/6] efi_loader: remove support for CONFIG_LCD There is no board left using CONFIG_LCD without CONFIG_DM_VIDEO. Signed-off-by: Heinrich Schuchardt --- lib/efi_loader/Makefile | 1 - lib/efi_loader/efi_gop.c | 5 ----- 2 files changed, 6 deletions(-) diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index aaaa25cefe0..f54c244c326 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -66,7 +66,6 @@ obj-$(CONFIG_EFI_VARIABLES_PRESEED) += efi_var_seed.o endif obj-y += efi_watchdog.o obj-$(CONFIG_EFI_ESRT) += efi_esrt.o -obj-$(CONFIG_LCD) += efi_gop.o obj-$(CONFIG_DM_VIDEO) += efi_gop.o obj-$(CONFIG_BLK) += efi_disk.o obj-$(CONFIG_NET) += efi_net.o diff --git a/lib/efi_loader/efi_gop.c b/lib/efi_loader/efi_gop.c index 2c818598073..5908b5c6466 100644 --- a/lib/efi_loader/efi_gop.c +++ b/lib/efi_loader/efi_gop.c @@ -8,7 +8,6 @@ #include #include #include -#include #include #include #include @@ -459,11 +458,7 @@ efi_status_t EFIAPI gop_blt(struct efi_gop *this, struct efi_gop_pixel *buffer, if (ret != EFI_SUCCESS) return EFI_EXIT(ret); -#ifdef CONFIG_DM_VIDEO video_sync_all(); -#else - lcd_sync(); -#endif return EFI_EXIT(EFI_SUCCESS); } From 052e8ca421cc8697f8cf7de16253627c4c92f4dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= Date: Mon, 27 Jun 2022 12:23:19 +0200 Subject: [PATCH 6/6] efi: test/py: repair authenticated capsules tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The UEFI console initialisation has been modified by commit 68edbed454b8 ("efi_loader: initialize console size late"). A corresponding workaround is now necessary for the automated tests, as added to some of the tests already by commit e05bd68ed5fc ("test: work around for EFI terminal size probing"). Add the same workaround to the UEFI authenticated capsules tests to repair them. This can be tested with sandbox_defconfig, sandbox64_defconfig or sandbox_flattree_defconfig, plus CONFIG_EFI_CAPSULE_AUTHENTICATE=y. Signed-off-by: Vincent Stehlé Cc: Heinrich Schuchardt Reviewed-by: Heinrich Schuchardt --- .../tests/test_efi_capsule/test_capsule_firmware_signed_fit.py | 3 +++ .../tests/test_efi_capsule/test_capsule_firmware_signed_raw.py | 2 ++ 2 files changed, 5 insertions(+) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py index 4400b8f1368..d6ca9b16745 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_fit.py @@ -40,6 +40,7 @@ class TestEfiCapsuleFirmwareSignedFit(object): with u_boot_console.log.section('Test Case 1-a, before reboot'): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', 'efidebug boot order 1', 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', @@ -115,6 +116,7 @@ class TestEfiCapsuleFirmwareSignedFit(object): with u_boot_console.log.section('Test Case 2-a, before reboot'): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', 'efidebug boot order 1', 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', @@ -192,6 +194,7 @@ class TestEfiCapsuleFirmwareSignedFit(object): with u_boot_console.log.section('Test Case 3-a, before reboot'): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', 'efidebug boot order 1', 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index 1b5a1bb42eb..2bbaa9cc55f 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py @@ -112,6 +112,7 @@ class TestEfiCapsuleFirmwareSignedRaw(object): with u_boot_console.log.section('Test Case 2-a, before reboot'): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', 'efidebug boot order 1', 'env set -e -nv -bs -rt OsIndications =0x0000000000000004', @@ -189,6 +190,7 @@ class TestEfiCapsuleFirmwareSignedRaw(object): with u_boot_console.log.section('Test Case 3-a, before reboot'): output = u_boot_console.run_command_list([ 'host bind 0 %s' % disk_img, + 'printenv -e PlatformLangCodes', # workaround for terminal size determination 'efidebug boot add -b 1 TEST host 0:1 /helloworld.efi', 'efidebug boot order 1', 'env set -e -nv -bs -rt OsIndications =0x0000000000000004',