[PATCH 1/2] Revert "i2c: fix stack buffer overflow vulnerability in i2c md command"
Tom Rini
trini at konsulko.com
Thu Sep 1 01:34:19 CEST 2022
On Fri, Aug 26, 2022 at 11:15:55PM +0200, Marek Vasut wrote:
> This reverts commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409.
>
> The commit is largely wrong and breaks most of i2c command functionality.
> The problem described in the aforementioned commit commit message is valid,
> however the commit itself does many more changes unrelated to fixing that
> one problem it describes. Those extra changes, namely the handling of i2c
> device address length as unsigned instead of signed integer, breaks the
> expectation that address length may be negative value. The negative value
> is used by DM to indicate that address length of device does not change.
>
> The actual bug documented in commit 8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
> can be fixed by extra sanitization in separate patch.
>
> Signed-off-by: Marek Vasut <marex at denx.de>
> Cc: Heiko Schocher <hs at denx.de>
> Cc: Nicolas Iooss <nicolas.iooss+uboot at ledger.fr>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Tim Harvey <tharvey at gateworks.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220831/453156ea/attachment.sig>
More information about the U-Boot
mailing list