[U-Boot] [PATCH 0/6] handle compression buffer overflows

Simon Glass sjg at chromium.org
Wed Aug 14 19:22:08 CEST 2013


Hi Kees,

On Mon, Aug 12, 2013 at 5:01 PM, Kees Cook <keescook at chromium.org> wrote:
> [sending, now subscribed so mailman won't yell at me]
>
> This series fixes gzip, lzma, and lzo to not overflow when writing
> to output buffers. Without this, it might be possible for untrusted
> compressed input to overflow the buffers used to hold the decompressed
> image.
>
> To catch these conditions, I added a series of compression tests available
> in the sandbox build. Without the fixes in patches 3, 4, and 5, the
> overflows are visible.
>

It is on patchwork so I think all is well. BTW I see these warnings
that we should fix sometime (not in your code)

$ crosfw -b sandbox
Configuring for sandbox board...
cmd_bootm.c: In function ‘bootm_load_os’:
cmd_bootm.c:443:11: warning: passing argument 4 of ‘lzop_decompress’
from incompatible pointer type [enabled by default]
/home/sjg/c/src/third_party/u-boot/files/include/linux/lzo.h:31:5:
note: expected ‘size_t *’ but argument is of type ‘uint *’
cmd_ximg.c: In function ‘do_imgextract’:
cmd_ximg.c:225:6: warning: cast to pointer from integer of different
size [-Wint-to-pointer-cast]
cmd_ximg.c:225:14: warning: ‘hdr’ may be used uninitialized in this
function [-Wuninitialized]

Also do you have a diffstat for your cover letter? If you use patman
for the cover letter too it should happy automatically.

Regards,
Simon


More information about the U-Boot mailing list