Re: [RFC v3 2/2] firmware: add firmware signature checking support

On Tue, Jul 14, 2015 at 12:20 PM, Luis R. Rodriguez wrote: >> > + strcpy(signed_name, buf->fw_id); >> > + strncat(signed_name, sign_ext, strlen(sign_ext)); >> >> fw_id is potentially unbounded, so using strncat hear poses an >> overflow risk. Maybe better to use strlcpy? >> > > Thanks

Re: [RFC v3 2/2] firmware: add firmware signature checking support

On Mon, Jun 08, 2015 at 12:56:44PM -0700, Kees Cook wrote: > On Mon, May 18, 2015 at 5:45 PM, Luis R. Rodriguez > wrote: > > From: "Luis R. Rodriguez" > > > > diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c > > index 134dd77..97cab65 100644 > > --- a/drivers/base/firmwa

Re: [RFC v3 2/2] firmware: add firmware signature checking support

On Mon, May 18, 2015 at 5:45 PM, Luis R. Rodriguez wrote: > From: "Luis R. Rodriguez" > > Systems that have module signing currently enabled may > wish to extend vetting of firmware passed to the kernel > as well. We can re-use most of the code for module signing > for firmware signature verifica