[U-Boot] [PATCH v2 0/6] handle compression buffer overflows
Kees Cook
keescook at chromium.org
Fri Aug 16 16:59:10 CEST 2013
v2: added acks, various suggested cleanups
This series fixes gzip, lzma, and lzo to not overflow when writing
to output buffers. Without this, it might be possible for untrusted
compressed input to overflow the buffers used to hold the decompressed
image.
To catch these conditions, I added a series of compression tests available
in the sandbox build. Without the fixes in patches 3, 4, and 5, the
overflows are visible.
Thanks,
-Kees
Kees Cook (6):
sandbox: add compression tests
documentation: add more compression configs
gzip: correctly bounds-check output buffer
lzma: correctly bounds-check output buffer
lzo: correctly bounds-check output buffer
bootm: allow correct bounds-check of destination
README | 9 ++
common/cmd_bootm.c | 2 +-
include/configs/sandbox.h | 5 +
lib/gunzip.c | 4 +-
lib/lzma/LzmaTools.c | 8 +-
lib/lzo/lzo1x_decompress.c | 8 +-
test/Makefile | 1 +
test/compression.c | 335 ++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 366 insertions(+), 6 deletions(-)
create mode 100644 test/compression.c
More information about the U-Boot
mailing list