dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-09-01 16:52:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

fs: prevent overwriting reserved memory

Browse Source 
This fixes CVE-2018-18440 ("insufficient boundary checks in filesystem
image load") by using lmb to check the load size of a file against
reserved memory addresses.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Goldschmidt
2019-01-14 22:38:19 +01:00
committed by Tom Rini
parent 4cc8af8037
commit aa3c609e2b
3 changed files with 68 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/lmb.c
View File

@@ -98,6 +98,19 @@ void lmb_init(struct lmb *lmb)
lmb->reserved.size = 0;
}
/* Initialize the struct, add memory and call arch/board reserve functions */
void lmb_init_and_reserve(struct lmb *lmb, phys_addr_t base, phys_size_t size,
void *fdt_blob)
{
lmb_init(lmb);
lmb_add(lmb, base, size);
arch_lmb_reserve(lmb);
board_lmb_reserve(lmb);
if (IMAGE_ENABLE_OF_LIBFDT && fdt_blob)
boot_fdt_add_mem_rsv_regions(lmb, fdt_blob);
}
/* This routine called with relocation disabled. */
static long lmb_add_region(struct lmb_region *rgn, phys_addr_t base, phys_size_t size)
{