Hi Simon,
after applying these Patch-series i cannot load to any address (fatload). Do i
need any additional Patch ("fdt: parse "reserved-memory" for memory
reservation" sounds like that). Maybe there should be a fallback if no
reservation is defined.
regards Frank
> Gesendet: Samstag, 24. November 2018 um 15:11 Uhr
> Von: "Simon Goldschmidt" <[email protected]>
> An: "Tom Rini" <[email protected]>, [email protected], "Joe Hershberger"
> <[email protected]>
> Cc: "Alexey Brodkin" <[email protected]>, "Heinrich Schuchardt"
> <[email protected]>, "Michal Simek" <[email protected]>, "Alexander
> Graf" <[email protected]>, "Andrea Barisani" <[email protected]>
> Betreff: [U-Boot] [PATCH v4 0/7] Fix CVE-2018-18440 and CVE-2018-18439
>
> This series fixes CVE-2018-18440 ("insufficient boundary checks in
> filesystem image load") by adding restrictions to the 'load'
> command and fixes CVE-2018-18439 ("insufficient boundary checks in
> network image boot") by adding restrictions to the tftp code.
> The functions from lmb.c are used to setup regions of allowed and
> reserved memory. Then, the file size to load is checked against these
> addresses and loading the file is aborted if it would overwrite
> reserved memory.
>
> The memory reservation code is reused from bootm/image.
>
> Changes in v4:
> - fixed invalid 'if' statement without braces in boot_fdt_reserve_region
> - removed patch 7 ("net: remove CONFIG_MCAST_TFTP), adapted patch 8
>
> Changes in v3:
> - No patch changes, but needed to resend since patman added too many cc
> addresses that gmail seemed to detect as spam :-(
>
> Changes in v2:
> - added code to reserve devicetree reserved-memory in lmb
> - added tftp fixes (patches 7 and 8)
> - fixed a bug in new function lmb_alloc_addr
>
> Simon Goldschmidt (7):
> lib: lmb: reserving overlapping regions should fail
> fdt: parse "reserved-memory" for memory reservation
> lib: lmb: extend lmb for checks at load time
> fs: prevent overwriting reserved memory
> bootm: use new common function lmb_init_and_reserve
> lmb: remove unused extern declaration
> tftp: prevent overwriting reserved memory
>
> common/bootm.c | 8 ++----
> common/image-fdt.c | 53 +++++++++++++++++++++++++++++------
> fs/fs.c | 56 +++++++++++++++++++++++++++++++++++--
> include/lmb.h | 7 +++--
> lib/lmb.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++
> net/tftp.c | 66 ++++++++++++++++++++++++++++++++++++++------
> 6 files changed, 231 insertions(+), 28 deletions(-)
>
> --
> 2.17.1
>
> _______________________________________________
> U-Boot mailing list
> [email protected]
> https://lists.denx.de/listinfo/u-boot
>
_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot
