[U-Boot] [PATCH v3] Prevent a buffer overflow in mkimage when signing with SHA256

michael at smart-africa.com michael at smart-africa.com
Fri May 30 20:59:00 CEST 2014


From: Michael van der Westhuizen <michael at smart-africa.com>

Because the FIT_MAX_HASH_LEN constant was not updated to
support SHA256 signatures, signing an image that uses this
larger hash always overflows a buffer in
fit_image_process_hash.  This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael at smart-africa.com>
---
Changes in v3:
 * Regenerate to correct mailer damage.
Changes in v2:
 * Use the HASH_MAX_DIGEST_SIZE constant from hash.h for the
   FIT_MAX_HASH_LEN.
 * Hide use of struct lmb behind USE_HOSTCC being undefined.

 include/image.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/image.h b/include/image.h
index 1886168..cbbdf26 100644
--- a/include/image.h
+++ b/include/image.h
@@ -45,6 +45,8 @@ struct lmb;
 #endif /* USE_HOSTCC */
 
 #if defined(CONFIG_FIT)
+#include <command.h>
+#include <hash.h>
 #include <libfdt.h>
 #include <fdt_support.h>
 # ifdef CONFIG_SPL_BUILD
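Review bot: The added `#include <command.h>` has no stated reason, either here or in the commit message; only `hash.h` is needed for `HASH_MAX_DIGEST_SIZE`, so `command.h` is presumably there to satisfy declarations inside `hash.h`. Both includes sit under `CONFIG_FIT` with no `USE_HOSTCC` guard, so, if host tools such as mkimage build with `CONFIG_FIT` set, they now pull in both headers as well. I would either make `hash.h` include what it needs itself or add a comment such as `/* hash.h needs the command table types from command.h */`. The `#if defined(CONFIG_FIT)` block continues past the end of this hunk, so whether later lines already account for this is not visible.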
@@ -328,7 +330,7 @@ typedef struct bootm_headers {
 #define	BOOTM_STATE_OS_GO	(0x00000400)
 	int		state;
 
-#ifdef CONFIG_LMB
+#if defined(CONFIG_LMB) && !defined(USE_HOSTCC)
 	struct lmb	lmb;		/* for memory mgmt */
 #endif
 } bootm_headers_t;
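Review bot: The new condition `#if defined(CONFIG_LMB) && !defined(USE_HOSTCC)` has no comment saying why host builds must drop the `lmb` member. The only explanation is in the v2 changelog below the `---` line, which will not reach the commit history. Presumably `struct lmb` is an incomplete type when building host tools, since the hunk context shows only a forward declaration `struct lmb;`. A comment on the guard would record that, for example `/* struct lmb is only forward-declared for host tools, so it cannot be embedded by value */`. The definition of `bootm_headers_t` starts above this hunk.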
@@ -703,7 +705,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
 #define FIT_FDT_PROP		"fdt"
 #define FIT_DEFAULT_PROP	"default"
 
-#define FIT_MAX_HASH_LEN	20	/* max(crc32_len(4), sha1_len(20)) */
+#define FIT_MAX_HASH_LEN	HASH_MAX_DIGEST_SIZE
 
 /* cmdline argument format parsing */
 int fit_parse_conf(const char *spec, ulong addr_curr,
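Review bot: Switching `FIT_MAX_HASH_LEN` from `20` to `HASH_MAX_DIGEST_SIZE` enlarges the buffer but leaves the overflow class in place. Per the commit message, fit_image_process_hash overflowed because the digest was longer than this constant, and nothing in this patch makes the writer compare the digest length with the buffer size. That function is outside this diff, so this is inferred: if it stores an algorithm-reported length into a `FIT_MAX_HASH_LEN`-sized array, it should reject any length above `FIT_MAX_HASH_LEN`, so that a future larger hash fails cleanly instead of overrunning the buffer. The removed comment also documented what the value had to cover, so I would keep an equivalent, e.g. `/* must be >= the largest digest of any supported hash algorithm */`.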
-- 
1.9.1


