[U-Boot] [PATCH 0/4] Fix CVE-2018-18440
Simon Goldschmidt
simon.k.r.goldschmidt at gmail.com
Mon Nov 12 21:25:28 UTC 2018

This series fixes CVE-2018-18440 ("insufficient boundary checks in
filesystem image load") by adding restrictions to the 'load'
command. The functions from lmb.c are used to set up regions of
allowed and reserved memory. Then, the file size to load is checked
against these addresses and loading the file is aborted if it would
overwrite reserved memory.

The memory reservation code is reused from bootm/image.

Note that this doesn't yet fix CVE-2018-18439 ("insufficient
boundary checks in network image boot"), which is somewhat similar.

Note that patman warnings are in old code only or due to adopting
the file's coding style.

Simon Goldschmidt (4):
  lib: lmb: reserving overlapping regions should fail
  lib: lmb: add function lmb_alloc_addr
  fs: prevent overwriting reserved memory
  bootm: use new common function lmb_init_and_reserve

 common/bootm.c |  8 ++------
 fs/fs.c        | 56 +++++++++++++++++++++++++++++++++++++++++++++++---
 include/lmb.h  |  3 +++
 lib/lmb.c      | 42 +++++++++++++++++++++++++++++++++++++
 4 files changed, 100 insertions(+), 9 deletions(-)

--
2.17.1
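
Added example, not part of the patch series or of U-Boot's lmb code: a simplified model of the check the cover letter describes, where a load is refused if its byte range would leave RAM or touch a reserved region, and reserving an overlapping region fails. The struct and function names and the memory layout are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, hypothetical names; not U-Boot's struct lmb. */
struct region { uint64_t base, size; };
struct mem_map { struct region ram, reserved[8]; size_t nreserved; };

/* 1 if [base, base + size) is empty, wraps, or touches a reservation. */
static int conflicts(const struct mem_map *m, uint64_t base, uint64_t size)
{
    if (size == 0 || size - 1 > UINT64_MAX - base)
        return 1;
    for (size_t i = 0; i < m->nreserved; i++) {
        const struct region *r = &m->reserved[i];
        /* inclusive ends, so a range ending at the top address compares */
        if (base <= r->base + r->size - 1 && r->base <= base + size - 1)
            return 1;
    }
    return 0;
}

/* Reserving a range that overlaps an existing reservation fails. */
static int map_reserve(struct mem_map *m, uint64_t base, uint64_t size)
{
    if (m->nreserved == 8 || conflicts(m, base, size))
        return -1;
    m->reserved[m->nreserved++] = (struct region){ base, size };
    return 0;
}

/* 0 only if the whole file lands in RAM and clear of every reservation. */
static int load_check(const struct mem_map *m, uint64_t addr, uint64_t size)
{
    if (conflicts(m, addr, size) || addr < m->ram.base ||
        addr + size - 1 > m->ram.base + m->ram.size - 1)
        return -1;
    return 0;
}

/* Constructed layout: 256 MiB RAM, a reserved blob, reserved top 1 MiB. */
static struct mem_map demo = { { 0x80000000ULL, 0x10000000ULL },
    { { 0x88000000ULL, 0x10000 }, { 0x8ff00000ULL, 0x100000 } }, 2 };

int main(void)
{
    printf("%d %d %d\n", load_check(&demo, 0x82000000ULL, 0x100000),
           load_check(&demo, 0x8fe00000ULL, 0x200000),
           map_reserve(&demo, 0x8ff80000ULL, 0x1000));
    return 0;
}
```

The check uses the file's size before any byte is written, so a load address that is itself valid is still refused when the end of the file would run into a reservation.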