[U-Boot] [PATCH v6 6/9] fs: prevent overwriting reserved memory

Simon Glass sjg at chromium.org
Sat Jan 5 01:56:31 UTC 2019


Hi Simon,

On Fri, 14 Dec 2018 at 13:14, Simon Goldschmidt
<simon.k.r.goldschmidt at gmail.com> wrote:
>
> This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem
> image load") by using lmb to check the load size of a file against
> reserved memory addresses.
>
> Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt at gmail.com>
> ---
>
> Changes in v6:
> - fixed NULL pointer access in 'fdt_blob' passed to
>   'boot_fdt_add_mem_rsv_regions'
>
> Changes in v5: None
> Changes in v4: None
> Changes in v2: None
>
>  fs/fs.c       | 56 ++++++++++++++++++++++++++++++++++++++++++++++++---
>  include/lmb.h |  2 ++
>  lib/lmb.c     | 13 ++++++++++++
>  3 files changed, 68 insertions(+), 3 deletions(-)

Reviewed-by: Simon Glass <sjg at chromium.org>

How about -ENOSPC instead of -1?

Regards,
Simon


More information about the U-Boot mailing list