[PATCH 2/2] i2c: fix stack buffer overflow vulnerability in i2c md command
Tim Harvey
tharvey at gateworks.com
Sat Aug 27 00:22:34 CEST 2022
On Fri, Aug 26, 2022 at 3:21 PM Tim Harvey <tharvey at gateworks.com> wrote:
>
> On Fri, Aug 26, 2022 at 2:16 PM Marek Vasut <marex at denx.de> wrote:
> >
> > This reinstates fix from commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
> > without the changes unrelated to the actual fix. Avoid the underflow by
> > setting only nbytes and linebytes as unsigned integers.
> >
> > Signed-off-by: Marek Vasut <marex at denx.de>
> > Cc: Heiko Schocher <hs at denx.de>
> > Cc: Nicolas Iooss <nicolas.iooss+uboot at ledger.fr>
> > Cc: Simon Glass <sjg at chromium.org>
> > Cc: Tim Harvey <tharvey at gateworks.com>
> > ---
> > cmd/i2c.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/cmd/i2c.c b/cmd/i2c.c
> > index 9050b2b8d27..e196a73efa6 100644
> > --- a/cmd/i2c.c
> > +++ b/cmd/i2c.c
> > @@ -470,7 +470,8 @@ static int do_i2c_md(struct cmd_tbl *cmdtp, int flag, int argc,
> > uint chip;
> > uint addr, length;
> > int alen;
> > - int j, nbytes, linebytes;
> > + int j;
> > + uint nbytes, linebytes;
> > int ret;
> > #if CONFIG_IS_ENABLED(DM_I2C)
> > struct udevice *dev;
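Review bot: In the declarations at the top of do_i2c_md, `j` stays `int` while `nbytes` and `linebytes` become `uint`, so any expression in the rest of the function that mixes `j` with either of them (a `j < linebytes` loop bound, for instance) now converts `j` to unsigned before comparing. Please confirm `j` can never be negative at those points, or state in the commit message why it has to remain signed. The message also says only "avoid the underflow" without naming which value underflows or how a signed `nbytes`/`linebytes` leads to the stack overflow named in the subject. One sentence on that, and on whether the new types are meant to match `length` (already `uint` two lines above), would make the fix reviewable from the log alone.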
> > --
> > 2.35.1
> >
>
> Marek,
>
> Did 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 get reverted then?
>
Oh gosh... my bad for not seeing your first patch that reverts it!
Acked-by: Tim Harvey <tharvey at gateworks.com>
Best Regards,
Tim