[U-Boot] [PATCH v2 0/6] handle compression buffer overflows

Kees Cook keescook at chromium.org
Wed Aug 28 20:13:22 CEST 2013


Hi,

Can someone commit this series? It's been fully acked now...

Thanks,

-Kees

On Fri, Aug 16, 2013 at 7:59 AM, Kees Cook <keescook at chromium.org> wrote:
> v2: added acks, various suggested cleanups
>
> This series fixes gzip, lzma, and lzo to not overflow when writing
> to output buffers. Without this, it might be possible for untrusted
> compressed input to overflow the buffers used to hold the decompressed
> image.
>
> To catch these conditions, I added a series of compression tests available
> in the sandbox build. Without the fixes in patches 3, 4, and 5, the
> overflows are visible.
>
> Thanks,
>
> -Kees
>
> Kees Cook (6):
>       sandbox: add compression tests
>       documentation: add more compression configs
>       gzip: correctly bounds-check output buffer
>       lzma: correctly bounds-check output buffer
>       lzo: correctly bounds-check output buffer
>       bootm: allow correct bounds-check of destination
>
>  README                     |    9 ++
>  common/cmd_bootm.c         |    2 +-
>  include/configs/sandbox.h  |    5 +
>  lib/gunzip.c               |    4 +-
>  lib/lzma/LzmaTools.c       |    8 +-
>  lib/lzo/lzo1x_decompress.c |    8 +-
>  test/Makefile              |    1 +
>  test/compression.c         |  335 ++++++++++++++++++++++++++++++++++++++++++++
>  8 files changed, 366 insertions(+), 6 deletions(-)
>  create mode 100644 test/compression.c
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot



-- 
Kees Cook
Chrome OS Security


More information about the U-Boot mailing list