
On Sat, Jan 5, 2019 at 2:56 AM Simon Glass sjg@chromium.org wrote:
Hi Simon,
On Fri, 14 Dec 2018 at 13:14, Simon Goldschmidt simon.k.r.goldschmidt@gmail.com wrote:
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem image load") by using lmb to check the load size of a file against reserved memory addresses.
Signed-off-by: Simon Goldschmidt simon.k.r.goldschmidt@gmail.com
Changes in v6:
- fixed NULL pointer access in 'fdt_blob' passed to 'boot_fdt_add_mem_rsv_regions'
Changes in v5: None
Changes in v4: None
Changes in v2: None
 fs/fs.c       | 56 ++++++++++++++++++++++++++++++++++++++++++++++++---
 include/lmb.h |  2 ++
 lib/lmb.c     | 13 ++++++++++++
 3 files changed, 68 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
How about -ENOSPC instead of -1?
You mean in fs_read_lmb_check()? That would probably be a good idea.
Note that you were replying to an old version; I had sent out v9 on 12/19/2018. There's still -1 in there, however. I'll send a v10 that fixes this.
Regards, Simon
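The load-size check the cover letter describes, as an added stand-alone C model that is not the patch's code or U-Boot's lmb API: the region list, the `load_lmb_check` function, the RAM size and the reserved addresses are all constructed here to show how a file read is refused with -ENOSPC when it would run past RAM or into a reserved region.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an lmb-style reserved-region list (not U-Boot's struct lmb). */
struct region { uint64_t base, size; };
struct rsv_list { size_t cnt; struct region r[8]; };

/*
 * Model of the check: a file of 'len' bytes is about to be read to 'addr'.
 * Returns 0 when [addr, addr + len) lies inside RAM and overlaps no reserved
 * region, else -ENOSPC (the errno the review asks for instead of -1).
 * Assumes ram_base + ram_size itself does not wrap.
 */
static int load_lmb_check(const struct rsv_list *l, uint64_t ram_base,
			  uint64_t ram_size, uint64_t addr, uint64_t len)
{
	if (len == 0)
		return 0;
	if (addr > UINT64_MAX - len)	/* addr + len would wrap around */
		return -ENOSPC;
	uint64_t end = addr + len;	/* exclusive end of the load */
	if (addr < ram_base || end > ram_base + ram_size)
		return -ENOSPC;
	for (size_t i = 0; i < l->cnt; i++) {
		uint64_t rb = l->r[i].base, re = rb + l->r[i].size;
		if (addr < re && rb < end)	/* half-open intervals overlap */
			return -ENOSPC;
	}
	return 0;
}

/* Constructed scenario: 1 GiB of RAM at 0, two reserved regions (made-up values). */
static int demo(uint64_t addr, uint64_t len)
{
	const struct rsv_list l = { 2, { { 0x3ff00000, 0x00100000 },	/* U-Boot image, stack */
					 { 0x3f000000, 0x00010000 } } };	/* fdt blob */
	return load_lmb_check(&l, 0, 0x40000000, addr, len);
}

int main(void)
{
	printf("fits: %d  overlaps fdt: %d  past RAM: %d\n", demo(0x01000000, 0x800000),
	       demo(0x3e000000, 0x1100000), demo(0x3fff0000, 0x20000));
	return 0;
}
```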