[U-Boot] [PATCH] cmd_sf: Fix problem with "sf update" and unaligned length

Jagan Teki jagannadh.teki at gmail.com
Wed Apr 22 13:26:12 CEST 2015


On 22 April 2015 at 16:45, Stefan Roese <sr at denx.de> wrote:
> On 22.04.2015 13:11, Jagan Teki wrote:
>>>
>>> On 12.01.2015 22:10, Wolfgang Denk wrote:
>>>>>>
>>>>>>
>>>>>> Should we add a  memset(buf, 0, sizeof(buf))  before the memcpy() to
>>>>>> prevent information from earlier activities to leak?
>>>>>
>>>>>
>>>>>
>>>>> "buf" points to the new data to be written into the flash. We're
>>>>> overwriting the first "len" bytes of "cmp_buf" with this data.
>>>>
>>>>
>>>>
>>>> Oh, sorry for the mixup.  Then cmp_buf should be cleared (or at elast
>>>> the remaining, unused part).
>>>
>>>
>>>
>>> No. cmp_buf contains the original data from the flash. And only the
>>> beginning of this buffer is overwritten with the new data from "buf". So,
>>> the result of the memcpy() is that "cmp_buf" contains the data that
>>> should
>>> be written into the flash. Its a combination of the "original data" and
>>> the
>>> "new data".
>>>
>>>>> I don't see why we should erase anything there. Perhaps I'm missing
>>>>> something though.
>>>>
>>>>
>>>>
>>>> You are leaking data.  This could contain "interesting" information;
>>>> see the OpenSSL “Heartbleed” vulnerability for a (nasty) example what
>>>> information leakage can do.
>>>
>>>
>>>
>>> There is nothing leaking here. When anything would be zeroed out, the
>>> resulting buffer would not be the one that should be used.
>>
>>
>> I think this thread link got stopped any further update on this.
>
>
> I would have thought that this patch had been applied some time ago. If not,
> then please do.

Applied to u-boot-spi/master

thanks!
-- 
Jagan.


More information about the U-Boot mailing list