
Hi,
On 22 February 2018 at 08:15, Alexander Graf <agraf@suse.de> wrote:
On 15.02.18 07:40, Andre Heider wrote:
This fixes walking the cbfs file list because the bound checks do not apply to header components.
Output of coreboot's cbfstool:

Name                Offset    Type         Size    Comp
cbfs master header  0x0       cbfs header  32      none
fallback/romstage   0x80      stage        21344   none
fallback/ramstage   0x5440    stage        36848   none
config              0xe480    raw          310     none
revision            0xe600    raw          575     none
fallback/bl31       0xe880    payload      15931   none
fallback/payload    0x12700   payload      205449  none
(empty)             0x44a00   null         111768  none
header pointer      0x5fec0   cbfs header  4       none

Output of u-boot's cbfsls:

size      type         name
------------------------------------------
32        cbfs header  cbfs master header
21344     stage        fallback/romstage
36848     stage        fallback/ramstage
310       raw          config
575       raw          revision
15931     payload      fallback/bl31
205449    payload      fallback/payload
111768    null         (empty)
4         cbfs header  header pointer
I don't see a before/after comparison? What output exactly did get fixed?
I don't quite understand what case exactly this fixes. The bounds check seems to try to find out whether the header is within the master header range, right?
So doesn't this just mean we're reading beyond the expected fs size?
I don't understand this one either.
Andre, please take a look and update your commit message.
Regards, Simon