sbsign failure in the presence of zero sized sections

Bug #1252288 reported by Ard Biesheuvel on 2013-11-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sbsigntool (Ubuntu)
Undecided
Unassigned

Bug Description

EFISTUB zImages for ARM64 contain two sections, a dummy .reloc section and a .text sections covering the entire payload.

When attempting to sign such a zImage, sbsign fails in the image_find_regions() like so

Starting program: /home/ard/build/sbsigntool-0.6/src/sbsign --key server.key --cert server.crt ~/linux-arm/arch/arm64/boot/Image
warning: gap in section table:
    (null) : 0xffff8000093bfd01 - 0xffff8000093bfd01,
    .text : 0x000001a0 - 0x00000201,

This is caused by the loop in this function, which skips NULL sections but still increments 'i', causing the contiguity check to become invalid.

The following patch solves the issue for me.

--- image.c.orig 2013-11-18 15:34:13.451962351 +0100
+++ image.c 2013-11-18 15:34:15.415962345 +0100
@@ -379,34 +379,34 @@
     image->checksum_regions,
     struct region,
     image->n_checksum_regions);
- regions = image->checksum_regions;
+ regions = &image->checksum_regions[image->n_checksum_regions-1];

- regions[i + 3].data = buf + file_offset;
- regions[i + 3].size = align_up(file_size,
+ regions->data = buf + file_offset;
+ regions->size = align_up(file_size,
      image->file_alignment);
- regions[i + 3].name = talloc_strndup(image->checksum_regions,
+ regions->name = talloc_strndup(image->checksum_regions,
      image->scnhdr[i].s_name, 8);
- bytes += regions[i + 3].size;
+ bytes += regions->size;

- if (file_offset + regions[i+3].size > image->size) {
+ if (file_offset + regions->size > image->size) {
    fprintf(stderr, "warning: file-aligned section %s "
      "extends beyond end of file\n",
- regions[i+3].name);
+ regions->name);
   }

- if (regions[i+2].data + regions[i+2].size
- != regions[i+3].data) {
+ if (regions[-1].data + regions[-1].size
+ != regions->data) {
    fprintf(stderr, "warning: gap in section table:\n");
    fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
- regions[i+2].name,
- regions[i+2].data - buf,
- regions[i+2].data +
- regions[i+2].size - buf);
+ regions[-1].name,
+ regions[-1].data - buf,
+ regions[-1].data +
+ regions[-1].size - buf);
    fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n",
- regions[i+3].name,
- regions[i+3].data - buf,
- regions[i+3].data +
- regions[i+3].size - buf);
+ regions->name,
+ regions->data - buf,
+ regions->data +
+ regions->size - buf);

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sbsigntool - 0.6-0ubuntu7

---------------
sbsigntool (0.6-0ubuntu7) trusty; urgency=medium

  * debian/patches/del-duplicate-define.patch: Remove duplicate define.
  * debian/patches/zero-sized-sections.patch: Fix failure in sbsigntool
    when it encouters zero-sized PE/COFF image sections (LP: #1252288).
  * debian/patches/arm-arm64-support.patch: Support signing ARM images.
 -- Adam Conrad <email address hidden> Tue, 15 Apr 2014 14:54:42 +0100

Changed in sbsigntool (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers