[U-Boot] [PATCH v2 0/6] handle compression buffer overflows
Kees Cook
keescook at chromium.org
Wed Aug 28 20:13:22 CEST 2013
Hi,
Can someone commit this series? It's been fully acked now...
Thanks,
-Kees
On Fri, Aug 16, 2013 at 7:59 AM, Kees Cook <keescook at chromium.org> wrote:
> v2: added acks, various suggested cleanups
>
> This series fixes gzip, lzma, and lzo to not overflow when writing
> to output buffers. Without this, it might be possible for untrusted
> compressed input to overflow the buffers used to hold the decompressed
> image.
>
> To catch these conditions, I added a series of compression tests available
> in the sandbox build. Without the fixes in patches 3, 4, and 5, the
> overflows are visible.
>
> Thanks,
>
> -Kees
>
> Kees Cook (6):
> sandbox: add compression tests
> documentation: add more compression configs
> gzip: correctly bounds-check output buffer
> lzma: correctly bounds-check output buffer
> lzo: correctly bounds-check output buffer
> bootm: allow correct bounds-check of destination
>
> README | 9 ++
> common/cmd_bootm.c | 2 +-
> include/configs/sandbox.h | 5 +
> lib/gunzip.c | 4 +-
> lib/lzma/LzmaTools.c | 8 +-
> lib/lzo/lzo1x_decompress.c | 8 +-
> test/Makefile | 1 +
> test/compression.c | 335 ++++++++++++++++++++++++++++++++++++++++++++
> 8 files changed, 366 insertions(+), 6 deletions(-)
> create mode 100644 test/compression.c
>
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
--
Kees Cook
Chrome OS Security
More information about the U-Boot
mailing list