Hi Kees,
On Wed, Aug 28, 2013 at 12:13 PM, Kees Cook keescook@chromium.org wrote:
Hi,
Can someone commit this series? It's been fully acked now...
I'm happy to pull these in for Tom.
I see a few warnings when I run buildman:
$ ./tools/buildman/buildman -b us-kees sandbox -se Summary of 7 commits for 1 boards (1 thread, 32 jobs per thread) 01: omap5: Correct include order, drop CONFIG_SYS_PROMPT define 02: sandbox: add compression tests sandbox: + sandbox +cmd_bootm.c: In function ‘bootm_load_os’: +cmd_bootm.c:443:11: warning: passing argument 4 of ‘lzop_decompress’ from incompatible pointer type [enabled by default] +/usr/local/google/c/cosarm/src/third_party/u-boot/us-kees/.bm-work/00/include/linux/lzo.h:31:5: note: expected ‘size_t *’ but argument is of type ‘uint *’ +cmd_ximg.c: In function ‘do_imgextract’: +cmd_ximg.c:225:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] +cmd_ximg.c:225:14: warning: ‘hdr’ may be used uninitialized in this function [-Wuninitialized] 03: documentation: add more compression configs 04: gzip: correctly bounds-check output buffer 05: lzma: correctly bounds-check output buffer 06: lzo: correctly bounds-check output buffer 07: bootm: allow correct bounds-check of destination
I believe these are pre-existing, but didn't happen for sandbox since it was not enabling these options, but could you please create a patch to fix these that we can apply first?
To build for sandbox: 'make sandbox_config; make'
Regards, Simon
Thanks,
-Kees
On Fri, Aug 16, 2013 at 7:59 AM, Kees Cook keescook@chromium.org wrote:
v2: added acks, various suggested cleanups
This series fixes gzip, lzma, and lzo to not overflow when writing to output buffers. Without this, it might be possible for untrusted compressed input to overflow the buffers used to hold the decompressed image.
To catch these conditions, I added a series of compression tests available in the sandbox build. Without the fixes in patches 3, 4, and 5, the overflows are visible.
Thanks,
-Kees
Kees Cook (6): sandbox: add compression tests documentation: add more compression configs gzip: correctly bounds-check output buffer lzma: correctly bounds-check output buffer lzo: correctly bounds-check output buffer bootm: allow correct bounds-check of destination
README | 9 ++ common/cmd_bootm.c | 2 +- include/configs/sandbox.h | 5 + lib/gunzip.c | 4 +- lib/lzma/LzmaTools.c | 8 +- lib/lzo/lzo1x_decompress.c | 8 +- test/Makefile | 1 + test/compression.c | 335 ++++++++++++++++++++++++++++++++++++++++++++ 8 files changed, 366 insertions(+), 6 deletions(-) create mode 100644 test/compression.c
U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
-- Kees Cook Chrome OS Security