From nobody Mon Oct 03 23:11:32 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MhGmj5h6vz4V1ZM; Mon, 3 Oct 2022 23:11:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MhGmj4sHSz3QnZ; Mon, 3 Oct 2022 23:11:33 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1664838693; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lJyr0PFwtUdFWdMG1axysx16xl0mbpnjfysA4p3rlHM=; b=wGw5BJxqLjBbOTOv8Pr3Jo2YNTnmTbHYCfcWmgbz0mQ5Kydep/HMLany/jf9rBr+Z0aJX1 /8jgt5ohUF7dI+vtJvpMwJ1z0EYLStPIi1uiZ6Ty8Medo48+qVsB1dfYGtuGtBNiRspYYC MxVHbqiQf+W8igbV22QGaUPgl+pxYaF7uoUbv0ljIb4ZEVUzp3D9x1d3nY5UaqfEIhejpz TMGHYkKyW6QB49nMaSjz5vutVvWRPg+8dVvU2rLD7s7VIG/KQVRT/t99eLImPTz3kVFGi6 Ct7Xu8lo53IKwdqWxrC+KnOHhv9j1dRQ/qI4cwd+EcwW7AvwVdZIO139X0w2Vw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MhGmh5wmYzMY4; Mon, 3 Oct 2022 23:11:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 293NBWZL065858; Mon, 3 Oct 2022 23:11:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 293NBWYc065857; Mon, 3 Oct 2022 23:11:32 GMT (envelope-from git) Date: Mon, 3 Oct 2022 23:11:32 GMT Message-Id: <202210032311.293NBWYc065857@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: d30a1689f5b3 - main - libefivar: Fix a buffer overread. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d30a1689f5b37e78ea189232a8b94a7011dc0dc8 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1664838693; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lJyr0PFwtUdFWdMG1axysx16xl0mbpnjfysA4p3rlHM=; b=ZpuXoc7uIEpa0powkX/JOJho6FsDhf01wu3HZ02EfCQSwy+Xz2oZPSyxiCmURUj3Jy2vUj t2ohQeKSbZsABLgd+hoTT16r3bVFajmBlzAAuqt3dVhCxHD1E296CBnSCZmnB3GH5NRJBG yYbsT5JXakCs6ytfJ4wLUcZaGbrF8dUWc4/ShYvFj0onpUF4B5uraOpYTLqYQKLQAinEDk /mHXMdWOC5Jem5+lqOev6Oj2DiSNkWrjoFoiJj5lsWJ+IWheZMvqs4CzEKNMG0smMSv9Hf /85mvk1jmRuDwfa4EVzz/fCDRHQfJHndi7myLTxXvF3qnLv6w2563wD990anFg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1664838693; a=rsa-sha256; cv=none; b=spp9tmkDfeM7hQTSEJvGXwmPb0dxvBSf4mkDco2XU8jayxoU4i2CYlLCDqGbZhXnISR2N6 W1tf4ZQgAyS915xoqmAum7bEvSqp5yaU1ZxYEduJHn4mbOGkhE19etFfDMTRPPsC83aHcN hfans6RzSZkCH/Jc712XHOD3u8yLjqngV6swamtqeKMH2dJWwwGNFvYaLWefSUL0NATtxp txmRmsKwhzs6+cco5+wuGlDf7RpUty0YEnsqM2WJPF3oyy6NebcyA2HZCaARFN36vVm4UC 6k/eiS0Zf+4SxBhQhquI9o5hwVEyzkGrR3fLrwkw/pkplsYbQgvvt+RAUBE4ug== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=d30a1689f5b37e78ea189232a8b94a7011dc0dc8 commit d30a1689f5b37e78ea189232a8b94a7011dc0dc8 Author: John Baldwin AuthorDate: 2022-10-03 23:10:44 +0000 Commit: John Baldwin CommitDate: 2022-10-03 23:10:44 +0000 libefivar: Fix a buffer overread. DevPathToTextUsbWWID allocates a separate copy of the SerialNumber string to append a null terminator if the original string is not null terminated. However, by using AllocateCopyPool, it tries to copy 'Length + 1' words from the existing string containing 'Length' characters into the target string. Split the copy out to only copy 'Length' characters instead. Reviewed by: imp, emaste Reported by: GCC 12 -Wstringop-overread Differential Revision: https://reviews.freebsd.org/D36826 --- lib/libefivar/efivar-dp-format.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/libefivar/efivar-dp-format.c b/lib/libefivar/efivar-dp-format.c index 9003b156f7fe..186f1cd5f103 100644 --- a/lib/libefivar/efivar-dp-format.c +++ b/lib/libefivar/efivar-dp-format.c @@ -1049,8 +1049,9 @@ DevPathToTextUsbWWID ( // // In case no NULL terminator in SerialNumber, create a new one with NULL terminator // - NewStr = AllocateCopyPool ((Length + 1) * sizeof (CHAR16), SerialNumberStr); + NewStr = AllocatePool ((Length + 1) * sizeof (CHAR16)); ASSERT (NewStr != NULL); + CopyMem (NewStr, SerialNumberStr, Length * sizeof (CHAR16)); NewStr[Length] = 0; SerialNumberStr = NewStr; }