[PATCH]: d1fd1cb interface/jtag_hat: Add interface configuration for the JTAG HAT

This is an automated email from Gerrit. Matthew Mets (m...@blinkinlabs.com) just uploaded a new patch set to Gerrit, which you can find at http://openocd.zylin.com/6372 -- gerrit commit d1fd1cbfa583c852fbec685ead1ae10634ea78c7 Author: Matthew Mets Date: Tue Jul 20 01:48:47 2021 +0200 in

[PATCH]: 4e1bf7b drivers/bcm2835: Add support for SWDIO direction control pin

This is an automated email from Gerrit. Matthew Mets (m...@blinkinlabs.com) just uploaded a new patch set to Gerrit, which you can find at http://openocd.zylin.com/6371 -- gerrit commit 4e1bf7b35fbd2bcd533fd9b50ef43a76acd77451 Author: Matthew Mets Date: Tue Jul 20 01:28:05 2021 +0200 dr

RE: Potential NULL byte injection

Hi Richard Sorry for misleading you down the wrong rabbit hole, and thank you for the analysis and explanation. Best regards Cinly -Original Message- From: Richard Braun Sent: Monday, July 19, 2021 10:10 PM To: Tommy Murphy Cc: OpenOCD ; Ooi, Cinly Subject: Re: Potential NULL byte

Re: Potential NULL byte injection

Am 19.07.21 um 16:10 schrieb Richard Braun: > On Mon, Jul 19, 2021 at 01:28:54PM +, Tommy Murphy wrote: >>> From: Richard Braun >>> Sent: Monday 19 July 2021 12:26 >>> To: Tommy Murphy >>> Cc: OpenOCD ; Ooi, Cinly >>> >>> Subject: Re: Potential NULL byte injection >>> >>> Without the issue,

Re: Potential NULL byte injection

On Mon, Jul 19, 2021 at 01:28:54PM +, Tommy Murphy wrote: > > From: Richard Braun > > Sent: Monday 19 July 2021 12:26 > > To: Tommy Murphy > > Cc: OpenOCD ; Ooi, Cinly > > > > Subject: Re: Potential NULL byte injection > > > > Without the issue, the impact of > > a malicious/faulty input is

Re: Potential NULL byte injection

> From: Richard Braun > Sent: Monday 19 July 2021 12:26 > To: Tommy Murphy > Cc: OpenOCD ; Ooi, Cinly > > Subject: Re: Potential NULL byte injection > > Without the issue, the impact of > a malicious/faulty input is restricted to what openocd can do. With it, > it's restricted to what the opera

Re: Potential NULL byte injection

On Mon, Jul 19, 2021 at 09:30:14AM +, Tommy Murphy wrote: > Thanks but I still don't really get it. > > The commands that you mention do not exist in openocd. > And the user is in full control of the scripts passed to openocd so would > have to allow them to contain the null but injection the

Re: Potential NULL byte injection

Thanks but I still don't really get it. The commands that you mention do not exist in openocd. And the user is in full control of the scripts passed to openocd so would have to allow them to contain the null but injection themselves. I still don't see how this is necessarily a problem in practic

RE: Potential NULL byte injection

I agree that this might not necessarily be a problem in practice or in theory. Just canvassing opinion of others with more knowledge about this then I do. From: Tommy Murphy Sent: Monday, July 19, 2021 5:30 PM To: OpenOCD ; Ooi, Cinly Subject: Re: Potential NULL byte injection Thanks but I s

RE: Potential NULL byte injection

Hi John I do not have a real example of an actual attack. No. Your comment that I have to show a actual attack on vanilla OpenOCD is fair. And yes, developer has to take responsibility to ensure his contribution doesn’t introduce any vulnerability. It is a perfectly valid stand to put responsi