[PATCH] fat: fat2rtc: Sanitize timestamps

Tom Rini trini at konsulko.com
Fri Jul 12 18:56:18 CEST 2024


On Fri, Jul 12, 2024 at 11:51:06AM +0200, Richard Weinberger wrote:
> On Friday, 12 July 2024, 11:46:08 CEST, 'Heinrich Schuchardt' via upstream wrote:
> > On 12 July 2024 10:24:54 CEST, Richard Weinberger <richard at nod.at> wrote:
> > >Make sure that tm_mday and tm_mon are within the expected
> > >range. Upper layers such as rtc_calc_weekday() will use
> > >them as lookup keys for arrays and this can cause out of
> > >bounds memory accesses.
> > 
> > rtc_calc_weekday() might receive invalid input from other sources. Shouldn't the function always validate its input before array access?
> 
> It depends on the overall design.
> Functions like strlen() also assume that you provide a valid string,
> so rtc_calc_weekday() can assume too that the passed rtc_time structure contains valid data.
> 
> In doubt, let's fix both FAT and rtc_calc_weekday().

Well, we care about size growth when at all possible. So what if we
don't sanity check in each FS, but just in rtc_calc_weekday() and make
sure callers handle errors?

-- 
Tom
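
The design discussed in this thread (validate once in the weekday helper, have callers handle the error), sketched as an added example; it is not code from the patch, the thread or U-Boot. All `ex_*` names are hypothetical, the weekday formula is Sakamoto's method rather than U-Boot's, and the sample date values are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a calendar struct; not U-Boot's struct rtc_time. */
struct ex_time {
	int year, mon, mday, wday;
};

/* Decode a 16-bit FAT date: bits 15-9 years since 1980, 8-5 month, 4-0 day.
 * No validation here: month can come out as 0 or 13..15, day as 0. */
static void ex_fat2time(uint16_t date, struct ex_time *tm)
{
	tm->year = 1980 + (date >> 9);
	tm->mon = (date >> 5) & 0xf;
	tm->mday = date & 0x1f;
}

/* Weekday via Sakamoto's method (0 = Sunday). The month indexes a table,
 * so it is range-checked here, once, instead of in every filesystem. */
static int ex_calc_weekday(struct ex_time *tm)
{
	static const int t[12] = { 0, 3, 2, 5, 0, 3, 5, 1, 4, 6, 2, 4 };
	int y;

	if (tm->mon < 1 || tm->mon > 12 || tm->mday < 1 || tm->mday > 31)
		return -EINVAL;
	y = tm->year - (tm->mon < 3);	/* Jan/Feb count as the previous year */
	tm->wday = (y + y / 4 - y / 100 + y / 400 + t[tm->mon - 1] + tm->mday) % 7;
	return 0;
}

/* Caller side: propagate the error instead of using a bogus weekday. */
static int ex_fat_date_weekday(uint16_t date)
{
	struct ex_time tm;
	int ret;

	ex_fat2time(date, &tm);
	ret = ex_calc_weekday(&tm);
	return ret ? ret : tm.wday;
}

int main(void)
{
	/* Constructed on-disk values: 2024-07-12, month 0, month 15, day 0. */
	const uint16_t s[] = { 0x58EC, 0x580C, 0x59EC, 0x58E0 };
	for (int i = 0; i < 4; i++)
		printf("0x%04X -> %d\n", (unsigned)s[i], ex_fat_date_weekday(s[i]));
	return 0;
}
```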