-rw-r--r--util/libreboot-utils/README.md9
-rw-r--r--util/libreboot-utils/include/common.h2
-rw-r--r--util/libreboot-utils/lib/rand.c42
-rw-r--r--util/libreboot-utils/lottery.c47
4 files changed, 41 insertions, 59 deletions
diff --git a/util/libreboot-utils/README.md b/util/libreboot-utils/README.md
index 9a40d5ce..6e94035b 100644
--- a/util/libreboot-utils/README.md
+++ b/util/libreboot-utils/README.md
@@ -24,9 +24,16 @@ the kernel/system), voluntarily error out (halt all
operation) if accessing files you don't own - that's why
sticky bits are checked for example, even when you're root.
+It... blocks symlinks, relative paths, attempts to prevent
+directory escape (outside of the directory that the file
+you're creating is in), basically implementing an analog
+of something like e.g. unveil, but in userspace!
+
Mkhtemp is designed to be the most secure implementation
possible, of mktemp, offering a heavy amount of hardening
-over traditional mktemp.
+over traditional mktemp. Written in C89, and the plan is
+very much to keep this code portable over time - patches
+very much welcome.
i.e. please read the source code
diff --git a/util/libreboot-utils/include/common.h b/util/libreboot-utils/include/common.h
index 0c8fbd3d..7f063a8c 100644
--- a/util/libreboot-utils/include/common.h
+++ b/util/libreboot-utils/include/common.h
@@ -391,7 +391,7 @@ void *rmalloc(size_t *size); /* don't ever use this */
void rset(void *buf, size_t n);
void *mkrbuf(size_t n);
char *mkrstr(size_t n);
-int win_lottery(char **buf);
+size_t rsize(size_t n);
/* Helper functions for command: dump
*/
diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c
index 3a0a94bf..3155eec3 100644
--- a/util/libreboot-utils/lib/rand.c
+++ b/util/libreboot-utils/lib/rand.c
@@ -72,37 +72,20 @@
* or your program dies.
*/
-int
-win_lottery(char **buf) /* are u lucky? */
+void *
+rmalloc(size_t *rval)
{
- size_t size = 0;
- int rval;
-
- char *s1 = rmalloc(&size);
- char *s2 = rmalloc(&size);
-
- if (scmp(s1, s2, BUFSIZ + 2, &rval) >= 0 &&
- rval == 0)
- rval = 1; /* winner! */
- else
- rval = 0;
-
- (void) scat(s1, s2, BUFSIZ << 1, buf);
-
- free_if_null(&s1);
- free_if_null(&s2);
-
- return rval;
+ return if_err(rval == NULL, EFAULT) ?
+ NULL : mkrstr(*rval = rsize(BUFSIZ));
}
-void *
-rmalloc(size_t *rval)
+size_t
+rsize(size_t n)
{
- if (if_err(rval == NULL, EFAULT))
- return NULL;
+ size_t rval = SIZE_MAX;
+ for (; rval >= SIZE_MAX - (SIZE_MAX % n); rset(&rval, sizeof(rval)));
- rset(rval, sizeof(*rval));
- return mkrstr(*rval %= BUFSIZ);
+ return rval % n;
}
char *
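Review bot: `rsize()` evaluates `SIZE_MAX % n` in its loop condition with no guard, so `rsize(0)` is a division by zero (undefined behaviour). Both callers visible in this commit pass non-zero constants, but the function is now exported through common.h, so a guard in the style of the neighbouring helpers is worth adding, e.g. `if (n == 0) err_no_cleanup(0, EPERM, "rsize: zero range");`. Separately, `rsize(BUFSIZ)` can return 0 and the mkrstr() context in the next hunk rejects `n == 0` through err_no_cleanup(), so rmalloc() presumably still ends the program roughly once in BUFSIZ calls, as the old `%= BUFSIZ` form did; if that is not intended, `rsize(BUFSIZ - 1) + 1` avoids it. The rejection loop itself looks free of modulo bias; a short comment above rsize() stating that it returns a value in [0, n) and why the top of the range is discarded would save the next reader from re-deriving it.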
@@ -114,7 +97,7 @@ mkrstr(size_t n) /* emulates spkmodem-decode */
if (n == 0)
err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request");
- if (n == SIZE_MAX)
+ if (n >= SIZE_MAX - 1)
err_no_cleanup(0, EOVERFLOW, "mkrbuf: overflow");
if (if_err((s = mkrbuf(n + 1)) == NULL, EFAULT))
@@ -132,11 +115,14 @@ mkrstr(size_t n) /* emulates spkmodem-decode */
void *
mkrbuf(size_t n)
{
- void *buf;
+ void *buf = "";
if (n == 0)
err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request");
+ if (n >= SIZE_MAX - 1)
+ err_no_cleanup(0, EOVERFLOW, "integer overflow in mkrbuf");
+
if ((buf = malloc(n)) == NULL)
err_no_cleanup(0, ENOMEM, "mkrbuf: malloc");
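Review bot: `void *buf = "";` points buf at a string literal that is overwritten by the `malloc(n)` result a few lines later. The initialiser is dead, and if a later edit ever frees or writes through buf on an early-exit path it would be touching read-only storage, so `void *buf = NULL;` is the safer form. The new `n >= SIZE_MAX - 1` check does not protect any arithmetic in the visible part of mkrbuf() (malloc is called with `n` unchanged), so a one-line comment naming the caller-side addition it guards against would help. Its message `"integer overflow in mkrbuf"` also departs from the `"mkrbuf: ..."` prefix used by the two messages around it. mkrbuf()'s body continues past the end of this hunk.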
diff --git a/util/libreboot-utils/lottery.c b/util/libreboot-utils/lottery.c
index 8157d7a9..9f84d043 100644
--- a/util/libreboot-utils/lottery.c
+++ b/util/libreboot-utils/lottery.c
@@ -1,41 +1,30 @@
/* SPDX-License-Identifier: MIT
* Copyright (c) 2026 Leah Rowe <leah@libreboot.org>
*/
-
-#ifdef __OpenBSD__
-#include <sys/param.h> /* pledge(2) */
-#endif
-
#include <stdio.h>
-#include <stdlib.h>
+#include <string.h>
#include "include/common.h"
+static int rigged(char **s);
int
main(int argc, char *argv[])
{
- char *s1 = NULL;
- int rval = 0;
-
-#if defined(__OpenBSD__) && defined(OpenBSD)
-#if (OpenBSD) >= 509
+#ifdef __OpenBSD__
if (pledge("stdio", NULL) == -1)
- err_no_cleanup(0, errno, "openbsd won it");
+ err_no_cleanup(0, errno, "openbsd wins");
#endif
-#endif
- setvbuf(stdout, NULL, _IONBF, 0);
-
- if (win_lottery(&s1))
- rval = 1;
-
- if (s1 != NULL) {
- printf("%s\n\n", s1);
- free(s1);
- }
+ printf("%s\n", (argc = rigged(argv)) ? "You lose!" : "You win!");
+ return argc;
+}
- printf("%s\n", rval ? "You won!" : "You lose! Sorry!");
- return rval? EXIT_SUCCESS : EXIT_FAILURE;
-}/*
-
- ( >:3 )
- /| |\
- / \ */
+static int
+rigged(char **s) /* are u lucky? */
+{
+ size_t size[2] = { rsize(1 << 17), rsize(1 << 17) };
+
+ return !(size[0] && size[0] == size[1] && size[0] <= 1 << 18 &&
+ s != NULL) || memcmp(*s = mkrbuf(size[0] << 1), *s + size[0],
+ size[0]);
+}/* ( >:3 )
+ /| |\ it could be you!
+ / \ */ \ No newline at end of file