[U-Boot] [PATCH 0/6] handle compression buffer overflows
Kees Cook
keescook at chromium.org
Tue Aug 13 00:48:10 CEST 2013
This series fixes gzip, lzma, and lzo to not overflow when writing
to output buffers. Without this, it might be possible for untrusted
compressed input to overflow the buffers used to hold the decompressed
image.
To catch these conditions, I added a series of compression tests available
in the sandbox build. Without the fixes in patches 3, 4, and 5, the
overflows are visible.
Thanks,
-Kees
More information about the U-Boot
mailing list