[U-Boot] [PATCH] cmd_sf: Fix problem with "sf update" and unaligned length

Stefan Roese sr at denx.de
Wed Apr 22 13:15:07 CEST 2015


On 22.04.2015 13:11, Jagan Teki wrote:
>> On 12.01.2015 22:10, Wolfgang Denk wrote:
>>>>>
>>>>> Should we add a  memset(buf, 0, sizeof(buf))  before the memcpy() to
>>>>> prevent information from earlier activities to leak?
>>>>
>>>>
>>>> "buf" points to the new data to be written into the flash. We're
>>>> overwriting the first "len" bytes of "cmp_buf" with this data.
>>>
>>>
>>> Oh, sorry for the mixup.  Then cmp_buf should be cleared (or at least
>>> the remaining, unused part).
>>
>>
>> No. cmp_buf contains the original data from the flash. And only the
>> beginning of this buffer is overwritten with the new data from "buf". So,
>> the result of the memcpy() is that "cmp_buf" contains the data that should
>> be written into the flash. It's a combination of the "original data" and the
>> "new data".
>>
>>>> I don't see why we should erase anything there. Perhaps I'm missing
>>>> something though.
>>>
>>>
>>> You are leaking data.  This could contain "interesting" information;
>>> see the OpenSSL “Heartbleed” vulnerability for a (nasty) example of what
>>> information leakage can do.
>>
>>
>> There is nothing leaking here. When anything would be zeroed out, the
>> resulting buffer would not be the one that should be used.
>
> I think this thread link got stopped any further update on this.

I would have thought that this patch had been applied some time ago. If 
not, then please do.

Thanks,
Stefan
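
A simplified model of the read-modify-write discussed in this thread, added here as an illustration and not taken from the patch or from U-Boot: the simulated flash array, the 16-byte sector size, the function names and the sample data are all constructed. It shows what the tail of cmp_buf holds after the memcpy(), and what zeroing that tail would do to the data already in the sector.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SECTOR_SIZE 16u              /* constructed: tiny sector for the demo */
static uint8_t flash[SECTOR_SIZE];   /* hypothetical stand-in for one flash sector */

static void flash_erase(void) { memset(flash, 0xFF, SECTOR_SIZE); }
/* NOR-style programming: bits can only be cleared, so erase must come first. */
static void flash_program(const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        flash[i] &= src[i];
}

/* Update one sector with len new bytes from buf (len may be < SECTOR_SIZE).
 * zero_tail models the suggested memset() of the unused part of cmp_buf. */
static int sector_update(const uint8_t *buf, size_t len, int zero_tail)
{
    uint8_t cmp_buf[SECTOR_SIZE];
    if (len > SECTOR_SIZE)
        return -1;
    memcpy(cmp_buf, flash, SECTOR_SIZE);        /* original data from flash */
    if (memcmp(cmp_buf, buf, len) == 0)
        return 0;                               /* nothing to change, skip */
    if (zero_tail)
        memset(cmp_buf + len, 0, SECTOR_SIZE - len);
    memcpy(cmp_buf, buf, len);                  /* new data over first len bytes */
    flash_erase();                              /* erase covers the whole sector */
    flash_program(cmp_buf, SECTOR_SIZE);
    return 1;                                   /* sector rewritten */
}

/* Returns 1 if the bytes after the new data still match the old contents. */
static int tail_preserved(int zero_tail)
{
    static const uint8_t original[SECTOR_SIZE] = "ENV=keepme;tail"; /* constructed */
    static const uint8_t newdata[5] = { 'B', 'O', 'O', 'T', '!' };  /* constructed */
    flash_erase();
    flash_program(original, SECTOR_SIZE);
    sector_update(newdata, sizeof(newdata), zero_tail);
    return memcmp(flash + 5, original + 5, SECTOR_SIZE - 5) == 0;
}

int main(void)
{
    printf("plain: %d, zeroed tail: %d\n", tail_preserved(0), tail_preserved(1));
    return 0;
}
```

In this model the bytes beyond len in cmp_buf are exactly what the sector held before the update, so the write puts nothing into flash that was not already there, while the zero_tail variant wipes the existing data after the new bytes.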


