Re: [Xen-devel] [PATCH] xen/build-id: Fix xen_build_id_check() to be robust against malformed notes
On Mon, Dec 31, 2018 at 05:34:25PM +0000, Andrew Cooper wrote: > A NT_GNU_BUILD_ID with namesz longer than 4 will cause the strncmp() to use > bytes in adjacent stringtable entries. > > Instead, check for namesz exactly equal to 4, and use memcmp() with an > explicit size. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > CC: Jan Beulich <JBeulich@xxxxxxxx> > CC: Wei Liu <wei.liu2@xxxxxxxxxx> > CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > CC: Julien Grall <julien.grall@xxxxxxx> > > Noticed while auditing Xen's use of strncmp() for the command line patch. > --- > xen/common/version.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/xen/common/version.c b/xen/common/version.c > index 223cb52..1df7e78 100644 > --- a/xen/common/version.c > +++ b/xen/common/version.c > @@ -97,17 +97,17 @@ int xen_build_id_check(const Elf_Note *n, unsigned int > n_sz, > if ( NT_GNU_BUILD_ID != n->type ) > return -ENODATA; > > - if ( n->namesz + n->descsz < n->namesz ) > + if ( n->namesz != 4 /* GNU\0 */) > return -EINVAL; > > - if ( n->namesz < 4 /* GNU\0 */) > + if ( n->namesz + n->descsz < n->namesz ) The reordering of two predicates doesn't seem to serve any particular purpose? You could've just changed "<" to "!=" for less code churn? > return -EINVAL; > > if ( n->namesz + n->descsz > n_sz - sizeof(*n) ) > return -EINVAL; > > /* Sanity check, name should be "GNU" for ld-generated build-id. */ > - if ( strncmp(ELFNOTE_NAME(n), "GNU", n->namesz) != 0 ) > + if ( memcmp(ELFNOTE_NAME(n), "GNU", 4) != 0 ) OOI what is the advantage of memcmp compared to strncmp? Wei. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
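Review bot: the length 4 is now hard-coded twice in this hunk, once in the `n->namesz != 4` test and once as the memcmp() size, and both are only correct because "GNU" plus its terminating NUL is four bytes. Deriving both from sizeof("GNU") would keep the size check and the comparison length from drifting apart and would make the /* GNU\0 */ comment unnecessary. Separately, the unchanged context line `if ( n->namesz + n->descsz > n_sz - sizeof(*n) )` subtracts from n_sz, and nothing in the visible lines shows n_sz being checked against sizeof(*n) first, so it is worth confirming that this is guaranteed earlier in the function.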