=== chris14_ is now known as chris14
=== Juesto is now known as Juest
=== JanC_ is now known as JanC
=== arraybolt3_wc is now known as arraybolt3
[16:55] <arraybolt3> good grief, C is so full of footguns. Alright, that's what I had to say, thank you.
[16:56] <arraybolt3> (Trying to patch GRUB, and graduated from shell patches to actual bootloader patches. Trying to figure out if my strcpy is going to work without causing a buffer overflow is breaking my brain.
[16:57] <sdeziel> apparently, that didn't stop them from adding image decoding to GRUB ;)
[16:59] <arraybolt3> If I survive this without accidentally creating at least one security vulnerability, I'm going to be relieved and slightly surprised.
[16:59] <arraybolt3> I just hope someone reviews my code really carefully :P
[16:59] <mdeslaur> we can pre-emptively assign you some CVEs now if you want :)
[16:59] <arraybolt3> hahahahaha
[17:00] <arraybolt3> thankfully "all" I have to do is introduce two environment variable lookups and fallbacks, that's it. As long as I can juggle the semantics of `len`, `strcpy`, and `sizeof` without dropping anything, we're good.
[17:01] <arraybolt3> (you can probably tell I almost never write C code)
[17:01] <mdeslaur> all 3? without messing up?
[17:04] <arraybolt3> actually my job may be done, looks like GRUB wisely reuses the open_envblk_file code for both loading and saving the environment block.
[17:07] <arraybolt3> anyway, if someone does want to see if I've successfully dodged all bullets, this was my patch: https://termbin.com/467u And this is the file after patching: https://termbin.com/cnix Goal - make `load_env` and `save_env` look at the `envpath` environment variable, and open the environment block from that file if the variable is set. Otherwise, fall back to using `prefix` like before.
[17:14] <mdeslaur> arraybolt3: I'd send your diff to chrisc to review, he's used to looking at grub code