
Hi Kees,
On Mon, Aug 12, 2013 at 5:01 PM, Kees Cook <keescook@chromium.org> wrote:
[sending, now subscribed so mailman won't yell at me]
This series fixes gzip, lzma, and lzo to not overflow when writing to output buffers. Without this, it might be possible for untrusted compressed input to overflow the buffers used to hold the decompressed image.
To catch these conditions, I added a series of compression tests available in the sandbox build. Without the fixes in patches 3, 4, and 5, the overflows are visible.
It is on patchwork so I think all is well. BTW I see these warnings that we should fix sometime (not in your code):
$ crosfw -b sandbox
Configuring for sandbox board...
cmd_bootm.c: In function ‘bootm_load_os’:
cmd_bootm.c:443:11: warning: passing argument 4 of ‘lzop_decompress’ from incompatible pointer type [enabled by default]
/home/sjg/c/src/third_party/u-boot/files/include/linux/lzo.h:31:5: note: expected ‘size_t *’ but argument is of type ‘uint *’
cmd_ximg.c: In function ‘do_imgextract’:
cmd_ximg.c:225:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
cmd_ximg.c:225:14: warning: ‘hdr’ may be used uninitialized in this function [-Wuninitialized]
Also do you have a diffstat for your cover letter? If you use patman for the cover letter too it should happen automatically.
Regards, Simon
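
An added illustration, not part of this thread or of the U-Boot patches it discusses: the output-bounds check the cover letter describes, shown on a constructed toy run-length format, with a canary-filled buffer to detect writes past the advertised capacity. The names `rle_decompress` and `rle_overrun_check`, the format, and the in/out `size_t *dst_len` convention are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format (NOT gzip/lzma/lzo): a stream of (count, value) pairs. */
enum { RLE_OK = 0, RLE_E_INPUT = -1, RLE_E_OUTPUT_OVERRUN = -2 };

/* *dst_len is in/out: capacity of dst on entry, bytes written on return.
 * It is a size_t, so callers must pass a real size_t object, not a uint. */
int rle_decompress(const unsigned char *src, size_t src_len,
                   unsigned char *dst, size_t *dst_len)
{
    size_t cap = *dst_len, in;
    *dst_len = 0;
    if (src_len % 2 != 0)
        return RLE_E_INPUT;                 /* truncated pair */
    for (in = 0; in < src_len; in += 2) {
        size_t run = src[in];               /* length taken from untrusted input */
        if (run > cap - *dst_len)           /* *dst_len <= cap, so no wraparound */
            return RLE_E_OUTPUT_OVERRUN;    /* refuse before writing anything */
        memset(dst + *dst_len, src[in + 1], run);
        *dst_len += run;
    }
    return RLE_OK;
}

/* Decode into the first cap bytes of a canary-filled buffer; returns 1 if any
 * byte past cap was modified, 0 if not. *ret gets the decoder's return code. */
int rle_overrun_check(const unsigned char *src, size_t src_len, size_t cap, int *ret)
{
    unsigned char buf[64];
    size_t len = cap, i;
    if (cap > sizeof(buf))
        return -1;
    memset(buf, 'A', sizeof(buf));
    *ret = rle_decompress(src, src_len, buf, &len);
    for (i = cap; i < sizeof(buf); i++)
        if (buf[i] != 'A')
            return 1;
    return len > cap;
}

int main(void)
{
    const unsigned char big[] = { 3, 'a', 200, 'b' };  /* expands to 203 bytes */
    int ret, touched = rle_overrun_check(big, sizeof(big), 4, &ret);
    printf("ret=%d canary_touched=%d\n", ret, touched);
    return 0;
}
```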