
On Mon, Jan 14, 2019, 23:55 Tom Rini trini@konsulko.com wrote:
On Mon, Jan 14, 2019 at 10:38:13PM +0100, Simon Goldschmidt wrote:
This series fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by adding restrictions to the 'load' command and fixes CVE-2018-18439 ("insufficient boundary checks in network image boot") by adding restrictions to the tftp code. The functions from lmb.c are used to set up regions of allowed and reserved memory. Then, the file size to load is checked against these addresses and loading the file is aborted if it would overwrite reserved memory.
The memory reservation code is reused from bootm/image.

Changes in v10:
- added acked-by and reviewed-by tags
Note that patchwork collects these automatically and we don't need to re-post things just for tags. Was anything else changed? Thanks!
Yes, I changed a return value in patch 6/10. I wouldn't have resent it otherwise. But anyway, patchwork did not seem to catch Simon's reviewed-by...
Regards, Simon
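
The check described in the cover letter above (compare the range a file would occupy against allowed and reserved regions, and abort on overlap), as an added C example that is not U-Boot's lmb.c code and not part of this thread. The struct names, both functions and the sample memory map are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Simplified region map for illustration; not U-Boot's struct lmb. */
struct region { uint64_t base, size; };
/* ram: memory a load may target; resv: regions a load must not overwrite. */
struct memmap { struct region ram; const struct region *resv; size_t nresv; };

/* Constructed sample map: 256 MiB RAM, a reserved blob and a reserved top. */
static const struct region sample_resv[] = {
    { 0x88000000ULL, 0x00010000ULL },
    { 0x8ff00000ULL, 0x00100000ULL },
};
static const struct memmap sample_map = {
    { 0x80000000ULL, 0x10000000ULL }, sample_resv, 2 };

/* True if [base, base+size) lies inside r; the subtraction form cannot wrap. */
static int inside(const struct region *r, uint64_t base, uint64_t size)
{
    return base >= r->base && base - r->base <= r->size &&
           size <= r->size - (base - r->base);
}

/* 0 if loading size bytes at addr is allowed, -1 if it must be aborted. */
int load_allowed(const struct memmap *m, uint64_t addr, uint64_t size)
{
    if (!inside(&m->ram, addr, size))
        return -1;              /* outside RAM, or addr + size would wrap */
    for (size_t i = 0; i < m->nresv; i++) {
        const struct region *r = &m->resv[i];
        if (size && addr < r->base + r->size && r->base < addr + size)
            return -1;          /* would overwrite reserved memory */
    }
    return 0;
}

/* Largest size loadable at addr: a cap to apply before the read starts. */
uint64_t max_load_size(const struct memmap *m, uint64_t addr)
{
    if (!inside(&m->ram, addr, 0))
        return 0;
    uint64_t limit = m->ram.size - (addr - m->ram.base);
    for (size_t i = 0; i < m->nresv; i++) {
        const struct region *r = &m->resv[i];
        if (addr >= r->base && addr - r->base < r->size)
            return 0;                   /* addr itself is reserved */
        if (r->base > addr && r->base - addr < limit)
            limit = r->base - addr;     /* stop at the next reserved region */
    }
    return limit;
}
```

Checking the size before any data is written matters for both paths named in the cover letter: a filesystem read knows the file size up front, while a network transfer has to be bounded by a cap such as `max_load_size` because the sender controls how much arrives.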