[U-Boot] [U-Boot, v3] Prevent a buffer overflow in mkimage when signing with SHA256

Simon Glass sjg at chromium.org
Fri Jun 6 03:14:59 CEST 2014


Hi Tom,

On 5 June 2014 16:50, Tom Rini <trini at ti.com> wrote:
> On Fri, May 30, 2014 at 08:59:00PM +0200, Michael van der Westhuizen wrote:
>
>> From: Michael van der Westhuizen <michael at smart-africa.com>
>>
>> Due to the FIT_MAX_HASH_LEN constant not having been updated
>> to support SHA256 signatures one will always see a buffer
>> overflow in fit_image_process_hash when signing images that
>> use this larger hash.  This is exposed by vboot_test.sh.
>>
>> Signed-off-by: Michael van der Westhuizen <michael at smart-africa.com>
>> Acked-by: Simon Glass <sjg at chromium.org>
>
> Applied to u-boot/master (with a rework to hash.h to avoid breaking
> various platforms when host tools start adding command.h) , thanks!

Thanks - I was about to mention that!

Regards,
Simon


More information about the U-Boot mailing list