This series fixes CVE-2018-18440 ("insufficient boundary checks in
filesystem image load") by adding restrictions to the 'load'
command and fixes CVE-2018-18439 ("insufficient boundary checks in
network image boot") by adding restrictions to the tftp code.
The functions from lmb.c are used to setup regions of allowed and
reserved memory. Then, the file size to load is checked against these
addresses and loading the file is aborted if it would overwrite
reserved memory.
The memory reservation code is reused from bootm/image.
Changes in v4:
- added tests for lib/lmb.c
- fixed bug in lmb.c when ram is at the end of 32-bit address range
- fixed a bug in lmb_alloc_addr when resulting reserved rangesa get
combined
Changes in v4:
- fixed invalid 'if' statement without braces in boot_fdt_reserve_region
- removed patch 7 ("net: remove CONFIG_MCAST_TFTP), adapted patch 8
Changes in v3:
- No patch changes, but needed to resend since patman added too many cc
addresses that gmail seemed to detect as spam :-(
Changes in v2:
- added code to reserve devicetree reserved-memory in lmb
- added tftp fixes (patches 7 and 8)
- fixed a bug in new function lmb_alloc_addr
Simon Goldschmidt (9):
test: add test for lib/lmb.c
lmb: fix allocation at end of address range
lib: lmb: reserving overlapping regions should fail
fdt: parse "reserved-memory" for memory reservation
lib: lmb: extend lmb for checks at load time
fs: prevent overwriting reserved memory
bootm: use new common function lmb_init_and_reserve
lmb: remove unused extern declaration
tftp: prevent overwriting reserved memory
common/bootm.c | 8 +-
common/image-fdt.c | 53 ++++-
fs/fs.c | 56 ++++-
include/lmb.h | 7 +-
lib/lmb.c | 98 ++++++--
net/tftp.c | 66 +++++-
test/lib/Makefile | 1 +
test/lib/lmb.c | 561 +++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 805 insertions(+), 45 deletions(-)
create mode 100644 test/lib/lmb.c
--
2.17.1
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
