[U-Boot] [PATCH v4 0/7] Fix CVE-2018-18440 and CVE-2018-18439

Frank Wunderlich frank-w at public-files.de
Fri Nov 30 17:51:32 UTC 2018


Hi Simon,

After applying this patch series I cannot load to any address (fatload). Do I need any additional patch ("fdt: parse "reserved-memory" for memory reservation" sounds like that)? Maybe there should be a fallback if no reservation is defined.

regards Frank

> Sent: Saturday, 24 November 2018 at 15:11
> From: "Simon Goldschmidt" <simon.k.r.goldschmidt at gmail.com>
> To: "Tom Rini" <trini at konsulko.com>, u-boot at lists.denx.de, "Joe Hershberger" <joe.hershberger at ni.com>
> Cc: "Alexey Brodkin" <Alexey.Brodkin at synopsys.com>, "Heinrich Schuchardt" <xypron.glpk at gmx.de>, "Michal Simek" <michal.simek at xilinx.com>, "Alexander Graf" <agraf at suse.de>, "Andrea Barisani" <andrea.barisani at f-secure.com>
> Subject: [U-Boot] [PATCH v4 0/7] Fix CVE-2018-18440 and CVE-2018-18439
>
> This series fixes CVE-2018-18440 ("insufficient boundary checks in
> filesystem image load") by adding restrictions to the 'load'
> command and fixes CVE-2018-18439 ("insufficient boundary checks in
> network image boot") by adding restrictions to the tftp code.
> The functions from lmb.c are used to set up regions of allowed and
> reserved memory. Then, the file size to load is checked against these
> addresses and loading the file is aborted if it would overwrite
> reserved memory.
> 
> The memory reservation code is reused from bootm/image.
> 
> Changes in v4:
> - fixed invalid 'if' statement without braces in boot_fdt_reserve_region
> - removed patch 7 ("net: remove CONFIG_MCAST_TFTP"), adapted patch 8
> 
> Changes in v3:
> - No patch changes, but needed to resend since patman added too many cc
>   addresses that gmail seemed to detect as spam :-(
> 
> Changes in v2:
> - added code to reserve devicetree reserved-memory in lmb
> - added tftp fixes (patches 7 and 8)
> - fixed a bug in new function lmb_alloc_addr
> 
> Simon Goldschmidt (7):
>   lib: lmb: reserving overlapping regions should fail
>   fdt: parse "reserved-memory" for memory reservation
>   lib: lmb: extend lmb for checks at load time
>   fs: prevent overwriting reserved memory
>   bootm: use new common function lmb_init_and_reserve
>   lmb: remove unused extern declaration
>   tftp: prevent overwriting reserved memory
> 
>  common/bootm.c     |  8 ++----
>  common/image-fdt.c | 53 +++++++++++++++++++++++++++++------
>  fs/fs.c            | 56 +++++++++++++++++++++++++++++++++++--
>  include/lmb.h      |  7 +++--
>  lib/lmb.c          | 69 ++++++++++++++++++++++++++++++++++++++++++++++
>  net/tftp.c         | 66 ++++++++++++++++++++++++++++++++++++++------
>  6 files changed, 231 insertions(+), 28 deletions(-)
> 
> -- 
> 2.17.1
> 
> 
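The load-time check the cover letter describes, as an added example that is not part of the original thread and is not U-Boot's lmb.c code: a simplified model in which a load is allowed only if the target range lies inside registered RAM and overlaps no reserved region. The names `region`, `memmap`, `load_allowed` and the sample memory layout are assumptions made for illustration; in this model a map with no RAM registered rejects every load.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical simplified model of allowed/reserved memory; not U-Boot's struct lmb. */
struct region { uint64_t base, size; };
struct memmap {
    const struct region *avail;    size_t n_avail;    /* RAM that may be written */
    const struct region *reserved; size_t n_reserved; /* must never be overwritten */
};

/* True if [addr, addr+len) lies fully inside r; never computes addr+len (no wraparound). */
static bool contains(const struct region *r, uint64_t addr, uint64_t len)
{
    return addr >= r->base && len <= r->size && addr - r->base <= r->size - len;
}

/* True if [addr, addr+len) shares at least one byte with r (len > 0). */
static bool overlaps(const struct region *r, uint64_t addr, uint64_t len)
{
    if (addr >= r->base)
        return addr - r->base < r->size;
    return r->base - addr < len;
}

/* Allow a load only inside one available region and clear of every reserved one. */
bool load_allowed(const struct memmap *m, uint64_t addr, uint64_t len)
{
    bool inside = false;
    if (len == 0)
        return false;               /* treat an empty request as invalid */
    for (size_t i = 0; i < m->n_avail; i++)
        inside = inside || contains(&m->avail[i], addr, len);
    if (!inside)
        return false;               /* also the outcome when no RAM is registered */
    for (size_t i = 0; i < m->n_reserved; i++)
        if (overlaps(&m->reserved[i], addr, len))
            return false;
    return true;
}

/* Constructed sample layout: 1 GiB of RAM, top 1 MiB reserved (e.g. relocated bootloader). */
static const struct region sample_ram[] = { { 0x80000000ULL, 0x40000000ULL } };
static const struct region sample_rsv[] = { { 0xBFF00000ULL, 0x00100000ULL } };
const struct memmap sample_map = { sample_ram, 1, sample_rsv, 1 };
const struct memmap empty_map  = { NULL, 0, NULL, 0 };

int main(void) { printf("%d\n", load_allowed(&sample_map, 0x82000000ULL, 0x1000)); return 0; }
```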

