
Hi Simon,
On Sat, 17 Nov 2018 at 05:25, Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> wrote:
This series fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by adding restrictions to the 'load' command and fixes CVE-2018-18439 ("insufficient boundary checks in network image boot") by adding restrictions to the tftp code.
The functions from lmb.c are used to set up regions of allowed and reserved memory. Then, the file size to load is checked against these addresses and loading the file is aborted if it would overwrite reserved memory.
The memory reservation code is reused from bootm/image.
Changes in v3:
- No patch changes, but needed to resend since patman added too many cc addresses that gmail seemed to detect as spam :-(
Changes in v2:
- added code to reserve devicetree reserved-memory in lmb
- added tftp fixes (patches 7 and 8)
- fixed a bug in new function lmb_alloc_addr
Simon Goldschmidt (8):
  lib: lmb: reserving overlapping regions should fail
  fdt: parse "reserved-memory" for memory reservation
  lib: lmb: extend lmb for checks at load time
  fs: prevent overwriting reserved memory
  bootm: use new common function lmb_init_and_reserve
  lmb: remove unused extern declaration
  net: remove CONFIG_MCAST_TFTP
  tftp: prevent overwriting reserved memory
 README                       |   9 --
 common/bootm.c               |   8 +-
 common/image-fdt.c           |  52 ++++++-
 drivers/net/rtl8139.c        |   9 --
 drivers/net/tsec.c           |  52 -------
 drivers/usb/gadget/ether.c   |   3 -
 fs/fs.c                      |  56 ++++++-
 include/lmb.h                |   7 +-
 include/net.h                |  17 ---
 lib/lmb.c                    |  69 +++++++++
 net/eth-uclass.c             |   4 -
 net/eth_legacy.c             |  46 ------
 net/net.c                    |   9 +-
 net/tftp.c                   | 289 +++++++----------------------------
 scripts/config_whitelist.txt |   1 -
 15 files changed, 232 insertions(+), 399 deletions(-)
This is great work, but what is missing is a test for lmb.
Regards, Simon
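As an added illustration of the load-time check the cover letter describes (this is not U-Boot's lib/lmb.c and not code from this thread), a simplified model in C: reserved regions are registered, reserving an overlapping region fails, and a load is refused unless it fits inside a RAM bank without touching any reservation. `struct lmb_model`, `lmb_model_reserve` and `load_allowed` are hypothetical names, and the overlap test is written to stay correct when an address plus length wraps.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of the lmb checks in the cover letter, not U-Boot's lib/lmb.c; a region covers [base, base + size). */
struct region { uint64_t base; uint64_t size; };
struct lmb_model {
	struct region memory[8];   size_t nmem;  /* RAM banks */
	struct region reserved[8]; size_t nres;  /* must never be overwritten */
};
/* Do [b1,b1+s1) and [b2,b2+s2) share a byte? A range that wraps past the top
 * of the address space counts as overlapping, so it is always rejected. */
static bool overlaps(uint64_t b1, uint64_t s1, uint64_t b2, uint64_t s2)
{
	if (s1 == 0 || s2 == 0)
		return false;
	uint64_t e1 = b1 + s1 - 1, e2 = b2 + s2 - 1;  /* inclusive end addresses */
	if (e1 < b1 || e2 < b2)
		return true;
	return !(e1 < b2 || e2 < b1);
}
/* Reserve a region; as in patch 1, overlapping an existing reservation fails. */
static int lmb_model_reserve(struct lmb_model *m, uint64_t base, uint64_t size)
{
	for (size_t i = 0; i < m->nres; i++)
		if (overlaps(base, size, m->reserved[i].base, m->reserved[i].size))
			return -1;
	if (m->nres >= 8)
		return -1;
	m->reserved[m->nres++] = (struct region){ base, size };
	return 0;
}
/* Load-time check: 'len' bytes may be written at 'addr' only if they fit inside
 * one RAM bank and touch no reserved region; otherwise the load is aborted. */
static bool load_allowed(const struct lmb_model *m, uint64_t addr, uint64_t len)
{
	bool inside = false;
	for (size_t i = 0; i < m->nmem; i++) {
		uint64_t base = m->memory[i].base, size = m->memory[i].size;
		/* overflow-safe form of: base <= addr && addr + len <= base + size */
		if (addr >= base && addr - base <= size && len <= size - (addr - base))
			inside = true;
	}
	if (!inside)
		return false;
	for (size_t i = 0; i < m->nres; i++)
		if (overlaps(addr, len, m->reserved[i].base, m->reserved[i].size))
			return false;
	return true;
}
```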