[U-Boot] [PATCH v2] Prevent a buffer overflow in mkimage when signing with SHA256

Michael van der Westhuizen michael at smart-africa.com
Fri May 30 20:50:35 CEST 2014


Hi Simon,

That's very odd.  I'll regenerate the patch and resend.

I'm using git send-email, so things should not be getting mangled.

Michael

On 30 May 2014, at 8:42 PM, Simon Glass <sjg at chromium.org> wrote:

> Hi Michael,
> 
> On 26 May 2014 07:09, Michael van der Westhuizen
> <michael at smart-africa.com> wrote:
>> Due to the FIT_MAX_HASH_LEN constant not having been updated
>> to support SHA256 signatures one will always see a buffer
>> overflow in fit_image_process_hash when signing images that
>> use this larger hash.  This is exposed by vboot_test.sh.
>> 
>> Signed-off-by: Michael van der Westhuizen <michael at smart-africa.com>
>> ---
>> Changes in v2:
>> * Use the HASH_MAX_DIGEST_SIZE constant from hash.h for the
>>   FIT_MAX_HASH_LEN.
>> * Hide use of struct lmb behind USE_HOSTCC being undefined.
> 
> This seems to have whitespace problems, or it could be your mailer.
> There should be tabs in there somewhere. Did you use patman to
> check/send?
> 
> Regards,
> Simon



More information about the U-Boot mailing list