Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect conversion specifiers #2573

Closed
steven-bellock opened this issue Feb 15, 2024 · 0 comments · Fixed by #2574
Closed

Incorrect conversion specifiers #2573

steven-bellock opened this issue Feb 15, 2024 · 0 comments · Fixed by #2574
Assignees
@steven-bellock
Labels
bug Something isn't working security An issue that impacts security

Comments

@steven-bellock
Copy link
Contributor

There are many instances of

libspdm/library/spdm_requester_lib/libspdm_req_challenge.c

Lines 381 to 382 in 11a60b3

LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,
"libspdm_challenge - libspdm_encapsulated_request - %p\n", status));
where status is a uint32_t. If libspdm_debug_print passes this to the C printf function then the behavior is undefined.

If any argument is not the correct type for the corresponding conversion specification, the behavior is undefined.

Most compilers can detect this issue. However the libspdm_debug_print function masks this.

There are a few issues and tasks that arise from this.

  1. The conversion specifiers need to be changed. (This issue)
  2. The documentation for libspdm_debug_print needs to specify that format and ... follow C printf conventions.
  3. For CI/CD the LIBSPDM_DEBUG macro needs to be overridden such that it can be replaced with printf. Then the compiler can detect issues like this during compilation.

Even though this invokes undefined behavior I do not consider it much of a vulnerability, since

  • This issue only arises in a debug build.
  • For most (all?) compilers the behavior is benign. Most just print the value of the integer.
@steven-bellock steven-bellock added bug Something isn't working security An issue that impacts security labels Feb 15, 2024
@steven-bellock steven-bellock self-assigned this Feb 15, 2024
steven-bellock added a commit to steven-bellock/libspdm that referenced this issue Feb 15, 2024
@steven-bellock
Fix conversion specifiers
efc43b9 
Fix DMTF#2573.

Signed-off-by: Steven Bellock <[email protected]>
@steven-bellock steven-bellock mentioned this issue Feb 15, 2024
Merged
steven-bellock added a commit to steven-bellock/libspdm that referenced this issue Feb 15, 2024
@steven-bellock
Fix conversion specifiers
c9c260b 
Fix DMTF#2573.

Signed-off-by: Steven Bellock <[email protected]>
This was referenced Feb 15, 2024
Closed
Open
jyao1 pushed a commit that referenced this issue Feb 18, 2024
@steven-bellock @jyao1
Fix conversion specifiers
0882902 
Fix #2573.

Signed-off-by: Steven Bellock <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@steven-bellock steven-bellock

Labels
bug Something isn't working security An issue that impacts security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix conversion specifiers steven-bellock/libspdm
1 participant
@steven-bellock