[PATCH 0/6] broken CVE fix (b85d130ea0ca)

Fabio Estevam festevam at gmail.com
Sat Oct 15 14:57:42 CEST 2022


Hi Rasmus,

On Fri, Oct 14, 2022 at 2:44 PM Rasmus Villemoes
<rasmus.villemoes at prevas.dk> wrote:
>
> tl;dr: b85d130ea0ca didn't fix the CVE(s), but did break tftp of
> certain file sizes - which is somewhat lucky, since that's how I
> noticed in the first place.
>
> What I at first hoped would be a one-liner trivial fix turned out to
> be much more complicated and led me down a rabbit hole of related
> fixes. And this isn't even complete, I'm afraid. Details in 3/6.
>
> 1 and 4 are independent of all the others. 5 is a trivial preparation
> for 6; otherwise those are also independent of the others. Finally, 2
> and 3 are my attempts at actually fixing CVE-2022-{30790,30552}, with
> 2 essentially lifting the "ensure the payload has non-negative size"
> to the first place we can check that instead of relying on that check
> to happen in several places.

Thanks for the fix:

Reviewed-by: Fabio Estevam <festevam at denx.de>

