[U-Boot] [U-Boot, v2] vboot: Add FIT_SIGNATURE_MAX_SIZE protection

Tom Rini trini at konsulko.com
Wed Jul 11 12:42:17 UTC 2018


On Sat, Jun 09, 2018 at 11:38:05AM -0400, Teddy Reed wrote:

> This adds a new config value FIT_SIGNATURE_MAX_SIZE, which controls the
> max size of a FIT header's totalsize field. The field is checked before
> signature checks are applied to protect from reading past the intended
> FIT regions.
> 
> This field is not part of the vboot signature so it should be sanity
> checked. If the field is corrupted then the structure or string region
> reads may have unintended behavior, such as reading from device memory.
> A default value of 256MB is set and intended to support most max storage
> sizes.
> 
> Suggested-by: Simon Glass <sjg at chromium.org>
> Signed-off-by: Teddy Reed <teddy.reed at gmail.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20180711/427f8766/attachment.sig>


More information about the U-Boot mailing list