[U-Boot] [PATCH] Prevent a buffer overflow in mkimage when signing with SHA256
Michael van der Westhuizen
michael at smart-africa.com
Tue May 20 15:59:29 CEST 2014
Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash. This is exposed by vboot_test.sh.
Signed-off-by: Michael van der Westhuizen <michael at smart-africa.com>
---
include/image.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/image.h b/include/image.h
index b278778..fdaab5e 100644
--- a/include/image.h
+++ b/include/image.h
@@ -702,7 +702,8 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
#define FIT_FDT_PROP "fdt"
#define FIT_DEFAULT_PROP "default"
-#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */
+/* max(crc32_len(4), sha1_len(20), sha256_len(32)) */
+#define FIT_MAX_HASH_LEN 32
/* cmdline argument format parsing */
int fit_parse_conf(const char *spec, ulong addr_curr,
--
2.0.0.rc0
More information about the U-Boot
mailing list