Ubuntu
s390-tools package

Merge ~slyon/ubuntu/+source/s390-tools:slyon/xenial-SRUs into ubuntu/+source/s390-tools:ubuntu/xenial-devel

Proposed by Lukas Märdian on 2020-11-20

Status:

Merged

Merge reported by:

Lukas Märdian

Merged at revision:

ba49dedf1213fd1eb02660eb3174443a0e93693f

Proposed branch:

~slyon/ubuntu/+source/s390-tools:slyon/xenial-SRUs

Merge into:

ubuntu/+source/s390-tools:ubuntu/xenial-devel

Diff against target:

763 lines (+717/-0)

7 files modified

debian/changelog (+17/-0)
debian/patches/0024-zipl-libc-Introduce-vsnprintf.patch (+302/-0)
debian/patches/0025-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch (+46/-0)
debian/patches/0026-zipl-libc-Replace-sprintf-with-snprintf.patch (+224/-0)
debian/patches/0027-zipl-libc-Indicate-truncated-lines-in-printf-with.patch (+69/-0)
debian/patches/0028-zipl-boot-libc-add-memmove-function.patch (+54/-0)
debian/patches/series (+5/-0)

High

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Julian Andres Klode (community)		Approve on 2020-11-20
git-ubuntu developers	2020-11-20	Pending
Review via email: mp+394248@code.launchpad.net

Description of the change

Test builds available here:
https://launchpad.net/~slyon/+archive/ubuntu/s390-tools/+packages

Revision history for this message

Julian Andres Klode (juliank) wrote on 2020-11-20:

Uploaded

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Lukas Märdian

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index 4122a3d..ac3e30d 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,20 @@
++s390-tools (1.34.0-0ubuntu8.11) xenial; urgency=medium
++
++  * Cherry-pick zipl/libc fixes for potential buffer overflow (LP: #1865032)
++    - debian/patches/0033-zipl-boot-libc-add-memmove-function.patch:
++      Prerequisite for the other 4 patches, taken as part of upstream commit
++      e764f460c457ab2a6000acb5f2eb7169866ce192
++    - debian/patches/0029-zipl-libc-Introduce-vsnprintf.patch:
++      6fe9e6c55c69c14971dca55551009f5060418aae
++    - d/p/0030-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch:
++      8874b908254c47c8a6fd7a1aca2c7371c11035c4
++    - debian/patches/0031-zipl-libc-Replace-sprintf-with-snprintf.patch:
++      f7430027b41d5ad6220e962a179c2a5213330a44
++    - d/p/0032-zipl-libc-Indicate-truncated-lines-in-printf-with.patch:
++      36fed0e6c6590631c4ce1707c8fe3c3397bcce4d
++
++ -- Lukas Märdian <lukas.maerdian@canonical.com>  Fri, 20 Nov 2020 15:27:08 +0100
++
  s390-tools (1.34.0-0ubuntu8.10) xenial; urgency=medium
    * chreipl: fix chreipl node for virtio devices LP: #1825099
 diff --git a/debian/patches/0024-zipl-libc-Introduce-vsnprintf.patch b/debian/patches/0024-zipl-libc-Introduce-vsnprintf.patch
 new file mode 100644
 index 0000000..d0ad858
 --- /dev/null
 +++ b/debian/patches/0024-zipl-libc-Introduce-vsnprintf.patch
@@ -0,0 +1,302 @@
++From: Philipp Rudo <prudo@linux.ibm.com>
++Date: Tue, 11 Feb 2020 11:13:59 +0100
++Subject: zipl/libc: Introduce vsnprintf
++MIME-Version: 1.0
++Content-Type: text/plain; charset="utf-8"
++Content-Transfer-Encoding: 8bit
++
++The zipl boot loaders have their own minimalistic libc implementation.
++In it printf and sprintf use vsprintf for string formatting. Per
++definition vsprintf assumes that the buffer it writes to is large enough
++to contain the formatted string and performs no size checks. This is
++problematic for the boot loaders because the buffer they use are often
++allocated on the stack. Thus even small changes to the string format can
++potentially cause buffer overflows on the stack with the well known
++consequences. Protect against such errors by implementing vsnprintf.
++Later patches will make use of it.
++
++This implementation of vsnprintf only supports a small subset of format
++options defined in the C standard. In particular it allows the
++specifiers:
++	* %s (strings)
++	* %o (unsigned int octal)
++	* %u (unsigned int decimal)
++	* %x (unsigned int hexadecimal)
++
++Integer specifiers (o, u, and x) always use the long form, i.e. assume the
++argument to be of type 'unsigned long int'. The length modified 'l' can
++be given but is ignored.
++
++Furthermore, it is possible to provide the optional field width (aligned
++to the right only) and precision as decimal integer (i.e. not via '*')
++as well as the flag for zero padding integers (i.e. '0').
++
++The implementation was heavily inspired by the implementation in
++lib/vsprintf.c from the Linux kernel tree.
++
++Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
++Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
++Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
++---
++ zipl/boot/libc.c | 248 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ 1 file changed, 248 insertions(+)
++
++diff --git a/zipl/boot/libc.c b/zipl/boot/libc.c
++index fd9d1a3..b43d417 100644
++--- a/zipl/boot/libc.c
+++++ b/zipl/boot/libc.c
++@@ -196,6 +196,254 @@ unsigned long ebcstrtoul(char *nptr, char **endptr, int base)
++ 	return val;
++ }
++
+++static int skip_atoi(const char **c)
+++{
+++	int i = 0;
+++
+++	do {
+++		i = i*10 + *((*c)++) - '0';
+++	} while (isdigit(**c));
+++
+++	return i;
+++}
+++
+++enum format_type {
+++	FORMAT_TYPE_NONE,
+++	FORMAT_TYPE_STR,
+++	FORMAT_TYPE_ULONG,
+++};
+++
+++struct printf_spec {
+++	unsigned int	type:8;		/* format_type enum */
+++	signed int	field_width:24;	/* width of output field */
+++	unsigned int	zeropad:1;	/* pad numbers with zero */
+++	unsigned int	base:8;		/* number base, 8, 10 or 16 only */
+++	signed int	precision:16;	/* # of digits/chars */
+++};
+++
+++#define FIELD_WIDTH_MAX ((1 << 23) - 1)
+++
+++static int format_decode(const char *fmt, struct printf_spec *spec)
+++{
+++	const char *start = fmt;
+++
+++	spec->type = FORMAT_TYPE_NONE;
+++	while (*fmt) {
+++		if (*fmt == '%')
+++			break;
+++		fmt++;
+++	}
+++
+++	/* return current non-format string */
+++	if (fmt != start || !*fmt)
+++		return fmt - start;
+++
+++	/* first char is '%', skip it */
+++	fmt++;
+++	if (*fmt == '0') {
+++		spec->zeropad = 1;
+++		fmt++;
+++	}
+++
+++	spec->field_width = -1;
+++	if (isdigit(*fmt))
+++		spec->field_width = skip_atoi(&fmt);
+++
+++	spec->precision = -1;
+++	if (*fmt == '.') {
+++		fmt++;
+++		if (isdigit(*fmt))
+++			spec->precision = skip_atoi(&fmt);
+++	}
+++
+++	/* always use long form, i.e. ignore long qualifier */
+++	if (*fmt == 'l')
+++		fmt++;
+++
+++	switch (*fmt) {
+++	case 's':
+++		spec->type = FORMAT_TYPE_STR;
+++		break;
+++
+++	case 'o':
+++		spec->base = 8;
+++		spec->type = FORMAT_TYPE_ULONG;
+++		break;
+++
+++	case 'u':
+++		spec->base = 10;
+++		spec->type = FORMAT_TYPE_ULONG;
+++		break;
+++
+++	case 'x':
+++		spec->base = 16;
+++		spec->type = FORMAT_TYPE_ULONG;
+++		break;
+++
+++	default:
+++		libc_stop(EINTERNAL);
+++	}
+++
+++	return ++fmt - start;
+++}
+++
+++static char *string(char *buf, char *end, const char *s,
+++		    struct printf_spec *spec)
+++{
+++	int limit = spec->precision;
+++	int len = 0;
+++	int spaces;
+++
+++	/* Copy string to buffer */
+++	while (limit--) {
+++		char c = *s++;
+++		if (!c)
+++			break;
+++		if (buf < end)
+++			*buf = c;
+++		buf++;
+++		len++;
+++	}
+++
+++	/* right align if necessary */
+++	if (len < spec->field_width && buf < end) {
+++		spaces = spec->field_width - len;
+++		if (spaces >= end - buf)
+++			spaces = end - buf;
+++		memmove(buf + spaces, buf, len);
+++		memset(buf, ' ', spaces);
+++		buf += spaces;
+++	}
+++
+++	return buf;
+++}
+++
+++static char *number(char *buf, char *end, unsigned long val,
+++		    struct printf_spec *spec)
+++{
+++	/* temporary buffer to prepare the string.
+++	 * Worst case: base = 8 -> 3 bits per char -> 2.67 chars per byte */
+++	char tmp[3 * sizeof(val)];
+++	static const char vec[] = {'0', '1', '2', '3', '4', '5', '6', '7',
+++				   '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+++	int field_width = spec->field_width;
+++	int precision = spec->precision;
+++	int len;
+++
+++	/* prepare string in reverse order */
+++	len = 0;
+++	while (val) {
+++		tmp[len++] = vec[val % spec->base];
+++		val /= spec->base;
+++	}
+++
+++	if (len > precision)
+++		precision = len;
+++
+++	field_width -= precision;
+++	while (field_width-- > 0) {
+++		char c = spec->zeropad ? '0' : ' ';
+++		if (buf < end)
+++			*buf = c;
+++		buf++;
+++	}
+++
+++	/* needed if no field width but a precision is given */
+++	while (len < precision--) {
+++		if (buf < end)
+++			*buf = '0';
+++		buf++;
+++	}
+++
+++	while (len-- > 0) {
+++		if (buf < end)
+++			*buf = tmp[len];
+++		buf++;
+++	}
+++
+++	return buf;
+++}
+++
+++/*
+++ * vsnprintf - Format string and place in a buffer
+++ *
+++ * This funcion only supports a subset of format options defined in the
+++ * C standard, i.e.
+++ * specifiers:
+++ *	* %s (strings)
+++ *	* %o (unsigned int octal)
+++ *	* %u (unsigned int decimal)
+++ *	* %x (unsigned int hexadecimal)
+++ *
+++ * length modifier:
+++ *	* 'l' (ignored, see below)
+++ *
+++ * flag:
+++ *	* '0' (zero padding for integers)
+++ *
+++ * precision and field width as integers, i.e. _not_ by asterix '*'.
+++ *
+++ * The integer specifiers (o, u and, x) always use the long form, i.e.
+++ * assume the argument to be of type 'unsigned long int'.
+++ *
+++ * Returns the number of characters the function would have generated for
+++ * the given input (excluding the trailing '\0'. If the return value is
+++ * greater than or equal @size the resulting string is trunctuated.
+++ */
+++static int vsnprintf(char *buf, unsigned long size, const char *fmt,
+++		     va_list args)
+++{
+++	struct printf_spec spec = {0};
+++	char *str, *end;
+++
+++	str = buf;
+++	end = buf + size;
+++
+++	/* use negative (large positive) buffer sizes as indication for
+++	 * unknown/unlimited buffer sizes. */
+++	if (end < buf) {
+++		end = ((void *)-1);
+++		size = end - buf;
+++	}
+++
+++	while (*fmt) {
+++		const char *old_fmt = fmt;
+++		int read = format_decode(fmt, &spec);
+++		int copy;
+++
+++		fmt += read;
+++
+++		switch (spec.type) {
+++		case FORMAT_TYPE_NONE:
+++			copy = read;
+++			if (str < end) {
+++				if (copy > end - str)
+++					copy = end - str;
+++				memcpy(str, old_fmt, copy);
+++			}
+++			str += read;
+++			break;
+++
+++		case FORMAT_TYPE_STR:
+++			str = string(str, end, va_arg(args, char *), &spec);
+++			break;
+++
+++		case FORMAT_TYPE_ULONG:
+++			str = number(str, end, va_arg(args, unsigned long),
+++				     &spec);
+++			break;
+++		}
+++	}
+++
+++	if (size) {
+++		if (str < end)
+++			*str = '\0';
+++		else
+++			end[-1] = '\0';
+++	}
+++	return str - buf;
+++}
+++
++ /*
++  * Convert string to number with given base
++  */
 diff --git a/debian/patches/0025-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch b/debian/patches/0025-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch
 new file mode 100644
 index 0000000..826ed7d
 --- /dev/null
 +++ b/debian/patches/0025-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch
@@ -0,0 +1,46 @@
++From: Philipp Rudo <prudo@linux.ibm.com>
++Date: Tue, 11 Feb 2020 13:34:14 +0100
++Subject: zipl/libc: Fix potential buffer overflow in printf
++MIME-Version: 1.0
++Content-Type: text/plain; charset="utf-8"
++Content-Transfer-Encoding: 8bit
++
++Per definition vsprint assumes that the provided buffer it writes to is
++large enough to contain the formatted string. As printf uses a fixed
++sized buffer (81 bytes) and has no size checks the use of vsprintf can
++easily cause buffer overflows. Protect against these buffer overflows by
++using vsnprintf instead.
++
++While at it fix a typo in the comment.
++
++Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
++Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
++Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
++Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
++Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
++---
++ zipl/boot/libc.c | 4 ++--
++ 1 file changed, 2 insertions(+), 2 deletions(-)
++
++diff --git a/zipl/boot/libc.c b/zipl/boot/libc.c
++index b43d417..a3a306c 100644
++--- a/zipl/boot/libc.c
+++++ b/zipl/boot/libc.c
++@@ -508,7 +508,7 @@ void sprintf(char *str, const char *fmt, ...)
++ }
++
++ /*
++- * Print formated string
+++ * Print formatted string to console
++  */
++ void printf(const char *fmt, ...)
++ {
++@@ -516,7 +516,7 @@ void printf(const char *fmt, ...)
++ 	va_list va;
++
++ 	va_start(va, fmt);
++-	vsprintf(buf, fmt, va);
+++	vsnprintf(buf, sizeof(buf), fmt, va);
++ 	sclp_print(buf);
++ 	va_end(va);
++ }
 diff --git a/debian/patches/0026-zipl-libc-Replace-sprintf-with-snprintf.patch b/debian/patches/0026-zipl-libc-Replace-sprintf-with-snprintf.patch
 new file mode 100644
 index 0000000..9189345
 --- /dev/null
 +++ b/debian/patches/0026-zipl-libc-Replace-sprintf-with-snprintf.patch
@@ -0,0 +1,224 @@
++From: Philipp Rudo <prudo@linux.ibm.com>
++Date: Tue, 11 Feb 2020 16:12:21 +0100
++Subject: zipl/libc: Replace sprintf with snprintf
++MIME-Version: 1.0
++Content-Type: text/plain; charset="utf-8"
++Content-Transfer-Encoding: 8bit
++
++The use of sprintf can easily result in buffer overflows as it assumes
++that the buffer it writes to is large enough to contain the formatted
++string. Thus replace sprintf by snprintf and update its users.
++
++This removes the last user of vsprintf. Thus also remove vsprintf and
++its dependencies.
++
++Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
++Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
++Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
++Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
++---
++ zipl/boot/libc.c      | 132 ++------------------------------------------------
++ zipl/boot/libc.h      |   3 +-
++ zipl/boot/menu.c      |   2 +-
++ zipl/boot/tape2dump.c |   2 +-
++ 4 files changed, 6 insertions(+), 133 deletions(-)
++
++diff --git a/zipl/boot/libc.c b/zipl/boot/libc.c
++index a3a306c..4020458 100644
++--- a/zipl/boot/libc.c
+++++ b/zipl/boot/libc.c
++@@ -103,81 +103,6 @@ int strncmp(const char *s1, const char *s2, unsigned long count)
++ 	return 0;
++ }
++
++-/*
++- * Convert number to string
++- *
++- * Parameters:
++- *
++- * - buf:   Output buffer
++- * - base:  Base used for formatting (e.g. 10 or 16)
++- * - val:   Number to format
++- * - zero:  If > 0, fill with leading zeros, otherwise use blanks
++- * - count: Minimum number of characters used for output string
++- */
++-static int num_to_str(char *buf, int base, unsigned long val, int zero,
++-		      unsigned long count)
++-{
++-	static const char conv_vec[] = {'0', '1', '2', '3', '4', '5', '6', '7',
++-					'8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
++-	unsigned long num = 0, val_work = val, in_number = 1;
++-	int i;
++-
++-	/* Count number of characters needed for number */
++-	do {
++-		num++;
++-		val_work /= base;
++-	} while (val_work);
++-	/* Real character number overwrites count */
++-	if (count < num)
++-		count = num;
++-	/* Format number */
++-	for (i = count - 1; i >= 0; i--) {
++-		if (in_number) {
++-			buf[i] = conv_vec[val % base];
++-			val /= base;
++-			in_number = val ? 1 : 0;
++-		} else {
++-			buf[i] = zero ? '0' : ' ';
++-		}
++-	}
++-	buf[count] = 0;
++-	return count;
++-}
++-
++-/*
++- * Convert string to string with indentation
++- */
++-static int str_to_str(char *buf, const char *str, unsigned long count)
++-{
++-	unsigned long size;
++-
++-	size = strlen(str);
++-	if (count < size)
++-		count = size;
++-	else
++-		memset(buf, ' ', count - size);
++-	strcpy(buf + (count - size), str);
++-	return count;
++-}
++-
++-/*
++- * Convert string to number with given base
++- */
++-unsigned long strtoul(const char *nptr, char **endptr, int base)
++-{
++-	unsigned long val = 0;
++-
++-	while (isdigit(*nptr)) {
++-		if (val != 0)
++-			val *= base;
++-		val += *nptr - '0';
++-		nptr++;
++-	}
++-	if (endptr)
++-		*endptr = (char *) nptr;
++-	return val;
++-}
++-
++ /*
++  * Convert ebcdic string to number with given base
++  */
++@@ -445,65 +370,14 @@ static int vsnprintf(char *buf, unsigned long size, const char *fmt,
++ }
++
++ /*
++- * Convert string to number with given base
++- */
++-static int sprintf_fmt(char type, char *buf, unsigned long val, int zero,
++-		       int count)
++-{
++-	switch (type) {
++-	case 's':
++-		return str_to_str(buf, (const char *) val, count);
++-	case 'x':
++-		return num_to_str(buf, 16, val, zero, count);
++-	case 'u':
++-		return num_to_str(buf, 10, val, zero, count);
++-	default:
++-		libc_stop(EINTERNAL);
++-	}
++-	return 0;
++-}
++-
++-/*
++- * Print formated string (va version)
++- */
++-static void vsprintf(char *str, const char *fmt, va_list va)
++-{
++-	unsigned long val, zero, count;
++-	char *fmt_next;
++-
++-	do {
++-		if (*fmt == '%') {
++-			fmt++;
++-			if (*fmt == '0') {
++-				zero = 1;
++-				fmt++;
++-			} else {
++-				zero = 0;
++-			}
++-			/* No number found by strtoul: count=0 fmt_next=fmt */
++-			count = strtoul(fmt, &fmt_next, 10);
++-			fmt = fmt_next;
++-			if (*fmt == 'l')
++-				fmt++;
++-			val = va_arg(va, unsigned long);
++-			str += sprintf_fmt(*fmt, str, val, zero, count);
++-			fmt++;
++-		} else {
++-			*str++ = *fmt++;
++-		}
++-	} while (*fmt);
++-	*str = 0;
++-}
++-
++-/*
++- * Write formated string to string
+++ * Write formatted string to buffer
++  */
++-void sprintf(char *str, const char *fmt, ...)
+++void snprintf(char *buf, unsigned long size, const char *fmt, ...)
++ {
++ 	va_list va;
++
++ 	va_start(va, fmt);
++-	vsprintf(str, fmt, va);
+++	vsnprintf(buf, size, fmt, va);
++ 	va_end(va);
++ }
++
++diff --git a/zipl/boot/libc.h b/zipl/boot/libc.h
++index d66d230..85a078e 100644
++--- a/zipl/boot/libc.h
+++++ b/zipl/boot/libc.h
++@@ -46,12 +46,11 @@ typedef unsigned short uint16_t;
++ typedef unsigned char uint8_t;
++
++ void printf(const char *, ...);
++-void sprintf(char *, const char *, ...);
+++void snprintf(char *buf, unsigned long size, const char *fmt, ...);
++ void *memcpy(void *, const void *, unsigned long);
++ void *memset(void *, int c, unsigned long);
++ char *strcat(char *, const char *);
++ int strncmp(const char *, const char *, unsigned long);
++-unsigned long strtoul(const char *, char **, int);
++ unsigned long ebcstrtoul(char *, char **, int);
++ int strlen(const char *);
++ char *strcpy(char *, const char *);
++diff --git a/zipl/boot/menu.c b/zipl/boot/menu.c
++index 7187156..e668bb9 100644
++--- a/zipl/boot/menu.c
+++++ b/zipl/boot/menu.c
++@@ -184,7 +184,7 @@ boot:
++ 			(void *)&__stage2_params + TEXT_OFFSET));
++
++ 	/* append 'BOOT_IMAGE=<num>' to parmline */
++-	sprintf(endstring, " BOOT_IMAGE=%u", value);
+++	snprintf(endstring, sizeof(endstring), " BOOT_IMAGE=%u", value);
++ 	if ((strlen(cmd_line_extra) + strlen(endstring)) < COMMAND_LINE_SIZE)
++ 		strcat(cmd_line_extra, endstring);
++
++diff --git a/zipl/boot/tape2dump.c b/zipl/boot/tape2dump.c
++index 58b72f3..b11f42b 100644
++--- a/zipl/boot/tape2dump.c
+++++ b/zipl/boot/tape2dump.c
++@@ -184,7 +184,7 @@ static void progress_print_disp(unsigned long addr)
++
++ 	if (addr % (1024 * 1024 * 16) != 0)
++ 		return;
++-	sprintf(msg, "%08u", addr >> 20);
+++	snprintf(msg, sizeof(msg), "%08u", addr >> 20);
++ 	ccw_load_display(msg);
++ }
++
 diff --git a/debian/patches/0027-zipl-libc-Indicate-truncated-lines-in-printf-with.patch b/debian/patches/0027-zipl-libc-Indicate-truncated-lines-in-printf-with.patch
 new file mode 100644
 index 0000000..561368e
 --- /dev/null
 +++ b/debian/patches/0027-zipl-libc-Indicate-truncated-lines-in-printf-with.patch
@@ -0,0 +1,69 @@
++From: Philipp Rudo <prudo@linux.ibm.com>
++Date: Wed, 12 Feb 2020 14:08:24 +0100
++Subject: zipl/libc: Indicate truncated lines in printf with '...'
++MIME-Version: 1.0
++Content-Type: text/plain; charset="utf-8"
++Content-Transfer-Encoding: 8bit
++
++Append '...' to lines exceeding the maximum line length instead of
++silently truncating them.
++
++Suggested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
++Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
++Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
++Reviewed-by: Stefan Haberland <sth@linux.ibm.com>
++Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
++---
++ zipl/boot/libc.c | 10 ++++++++--
++ zipl/boot/libc.h |  1 +
++ zipl/boot/menu.h |  1 -
++ 3 files changed, 9 insertions(+), 3 deletions(-)
++
++diff --git a/zipl/boot/libc.c b/zipl/boot/libc.c
++index 4020458..7396455 100644
++--- a/zipl/boot/libc.c
+++++ b/zipl/boot/libc.c
++@@ -386,11 +386,17 @@ void snprintf(char *buf, unsigned long size, const char *fmt, ...)
++  */
++ void printf(const char *fmt, ...)
++ {
++-	char buf[81];
+++	char buf[LINE_LENGTH + 1];
+++	int len;
++ 	va_list va;
++
++ 	va_start(va, fmt);
++-	vsnprintf(buf, sizeof(buf), fmt, va);
+++	len = vsnprintf(buf, sizeof(buf), fmt, va);
+++	if (len > LINE_LENGTH) {
+++		buf[LINE_LENGTH - 1] = '.';
+++		buf[LINE_LENGTH - 2] = '.';
+++		buf[LINE_LENGTH - 3] = '.';
+++	}
++ 	sclp_print(buf);
++ 	va_end(va);
++ }
++diff --git a/zipl/boot/libc.h b/zipl/boot/libc.h
++index 85a078e..8148e25 100644
++--- a/zipl/boot/libc.h
+++++ b/zipl/boot/libc.h
++@@ -39,6 +39,7 @@
++ #define ENOTTY		25	/* Not a typewriter */
++
++ #define MIB	(1024ULL * 1024)
+++#define LINE_LENGTH 80 /* max line length printed by printf */
++
++ typedef unsigned long long uint64_t;
++ typedef unsigned int uint32_t;
++diff --git a/zipl/boot/menu.h b/zipl/boot/menu.h
++index edfe240..84d27aa 100644
++--- a/zipl/boot/menu.h
+++++ b/zipl/boot/menu.h
++@@ -18,7 +18,6 @@
++ /* max command line length */
++ #define COMMAND_LINE_SIZE	        896
++ #define BOOT_MENU_ENTRIES		63
++-#define LINE_LENGTH                     80
++ #define PARAM_SIZE                      8
++ #define TEXT_OFFSET                     4
++
 diff --git a/debian/patches/0028-zipl-boot-libc-add-memmove-function.patch b/debian/patches/0028-zipl-boot-libc-add-memmove-function.patch
 new file mode 100644
 index 0000000..5d27d53
 --- /dev/null
 +++ b/debian/patches/0028-zipl-boot-libc-add-memmove-function.patch
@@ -0,0 +1,54 @@
++From: =?utf-8?q?Lukas_M=C3=A4rdian?= <lukas.maerdian@canonical.com>
++Date: Tue, 17 Nov 2020 16:22:55 +0100
++Subject: zipl/boot/libc: add memmove() function
++
++This was taken as a part of upstream commit:
++https://github.com/ibm-s390-tools/s390-tools/commit/e764f460c457ab2a6000acb5f2eb7169866ce192
++---
++ zipl/boot/libc.c | 20 ++++++++++++++++++++
++ zipl/boot/libc.h |  1 +
++ 2 files changed, 21 insertions(+)
++
++diff --git a/zipl/boot/libc.c b/zipl/boot/libc.c
++index 7396455..7b768cc 100644
++--- a/zipl/boot/libc.c
+++++ b/zipl/boot/libc.c
++@@ -56,6 +56,26 @@ void *memcpy(void *dest, const void *src, unsigned long n)
++ 	return dest;
++ }
++
+++/*
+++ * Move @n bytes of memory from @src to @dest. The memory regions may overlap.
+++ */
+++void *memmove(void *dest, const void *src, unsigned long n)
+++{
+++	const char *s = src;
+++	char *d = dest;
+++
+++	if (s < d) {
+++		d += n;
+++		s += n;
+++		while (n--)
+++			*--d = *--s;
+++	} else {
+++		while (n--)
+++			*d++ = *s++;
+++	}
+++	return dest;
+++}
+++
++ /*
++  * Copy string
++  */
++diff --git a/zipl/boot/libc.h b/zipl/boot/libc.h
++index 8148e25..2bd5063 100644
++--- a/zipl/boot/libc.h
+++++ b/zipl/boot/libc.h
++@@ -49,6 +49,7 @@ typedef unsigned char uint8_t;
++ void printf(const char *, ...);
++ void snprintf(char *buf, unsigned long size, const char *fmt, ...);
++ void *memcpy(void *, const void *, unsigned long);
+++void *memmove(void *, const void *, unsigned long);
++ void *memset(void *, int c, unsigned long);
++ char *strcat(char *, const char *);
++ int strncmp(const char *, const char *, unsigned long);
 diff --git a/debian/patches/series b/debian/patches/series
 index a600fb9..0003295 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -21,3 +21,8 @@ d4398aea897475b95e4ab18cde4a32d0d70e6973.patch
  dbginfo-use-dump2tar.patch
  dump2tar-backport.patch
  chreipl-fix-chreipl-node-for-virtio-devices.patch
++0024-zipl-libc-Introduce-vsnprintf.patch
++0025-zipl-libc-Fix-potential-buffer-overflow-in-printf.patch
++0026-zipl-libc-Replace-sprintf-with-snprintf.patch
++0027-zipl-libc-Indicate-truncated-lines-in-printf-with.patch
++0028-zipl-boot-libc-add-memmove-function.patch

Ubuntus390-tools package

Merge ~slyon/ubuntu/+source/s390-tools:slyon/xenial-SRUs into ubuntu/+source/s390-tools:ubuntu/xenial-devel

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
s390-tools package