On Tue, Jul 14, 2015 at 12:20 PM, Luis R. Rodriguez wrote:
>> > + strcpy(signed_name, buf->fw_id);
>> > + strncat(signed_name, sign_ext, strlen(sign_ext));
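Review bot: neither call bounds the write into signed_name. The strcpy() copies buf->fw_id with no length check, and the strncat() limit of strlen(sign_ext) only caps how many bytes are taken from sign_ext, not how much room is left in the destination. Size signed_name from strlen(buf->fw_id) + strlen(sign_ext) + 1 before copying, or build the name with a bounded formatter such as snprintf() or kasprintf() and check the result.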
>>
>> fw_id is potentially unbounded, so using strncat here poses an
>> overflow risk. Maybe better to use strlcpy?
>>
>
> Thanks
On Mon, Jun 08, 2015 at 12:56:44PM -0700, Kees Cook wrote:
> On Mon, May 18, 2015 at 5:45 PM, Luis R. Rodriguez
> wrote:
> > From: "Luis R. Rodriguez"
> >
> > diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
> > index 134dd77..97cab65 100644
> > --- a/drivers/base/firmwa
On Mon, May 18, 2015 at 5:45 PM, Luis R. Rodriguez
wrote:
> From: "Luis R. Rodriguez"
>
> Systems that have module signing currently enabled may
> wish to extend vetting of firmware passed to the kernel
> as well. We can re-use most of the code for module signing
> for firmware signature verifica