Bug 151118
| Summary: | grubby wrongly expands C format strings in grub.conf due to unsafe printf | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Pavel Roskin <plroskin> | ||||
| Component: | mkinitrd | Assignee: | Peter Jones <pjones> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | David Lawrence <dkl> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 3 | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | i386 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2005-03-15 21:16:05 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 112002 [details]
Fix for the bug
The patch fixed all occurrences of *printf with variable format argument.
Fixed in rawhide, thanks for the patch. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20050221 Firefox/1.0 (Ubuntu) (Ubuntu package 1.0+dfsg.1-6ubuntu1) Description of problem: I have a line in /boot/grub/grub.conf that specifies terminfo grub should use (the purpose is to have fancy colors on the serial console): terminfo --name=linux --cursor-address=\E[%i%p1%d;%p2%dH \ --clear-screen=\E[H\E[J --enter-standout-mode=\e[33;44;1m \ --exit-standout-mode=\e[39;49;22m After running "make install" in the kernel directory, the expression after cursor-address is mangled: terminfo --name=linux \ --cursor-address=\E[1345734640x80561781134568072;0x8052ab22-1073746488H ... This happens because grubby uses printf without an explicit format, assuming that there are no C formatting directived in grub.conf. Not only is it wrong, but it might crash grubby in some cases. Version-Release number of selected component (if applicable): mkinitrd-4.1.18-2 How reproducible: Always Steps to Reproduce: 1. Add line containing "# %s" in /boot/grub/grub.conf 2. Install a kernel from sources by running "make install". 3. See /boot/grub/grub.conf Actual Results: The line becomes "# (null)" Expected Results: The line should remain "# %s" Additional info: