[RFC][PATCH] mkimage: fit: Do not tail-pad fitImage with external data
Marek Vasut
marex at denx.de
Fri May 1 12:31:47 CEST 2020
On 4/24/20 6:02 PM, Simon Glass wrote:
> On Fri, 24 Apr 2020 at 04:19, Marek Vasut <marex at denx.de> wrote:
>>
>> There is no reason to tail-pad fitImage with external data to 4-bytes,
>> while fitImage without external data does not have any such padding and
>> is often unaligned. DT spec also does not mandate any such padding.
>>
>> Moreover, the tail-pad fills the last few bytes with uninitialized data,
>> which could lead to a potential information leak.
>>
>> Test:
>> echo -n x > /tmp/data ; ./tools/mkimage -f auto -d /tmp/data /tmp/fitImage ; hexdump -vC /tmp/fitImage
>> echo -n x > /tmp/data ; ./tools/mkimage -E -f auto -d /tmp/data /tmp/fitImage ; hexdump -vC /tmp/fitImage
>>
>> Signed-off-by: Marek Vasut <marex at denx.de>
>> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
>> Cc: Simon Glass <sjg at chromium.org>
>> Cc: Tom Rini <trini at konsulko.com>
>> ---
>> tools/fit_image.c | 1 -
>> 1 file changed, 1 deletion(-)
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
>
> Would be good to get this in early for testing.
Tom ? This missed rc1 ...
More information about the U-Boot
mailing list