GitHub-Mirror/u-boot
2
0
Fork 0
mirror of https://github.com/Fishwaldo/u-boot.git synced 2025-03-31 03:21:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Prevent a buffer overflow in mkimage when signing with SHA256

Browse source 
Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash.  This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit so move the exportable parts of hash.h outside of
 !USE_HOSTCC and only need that as a new include to image.h]
Signed-off-by: Tom Rini <trini@ti.com>
This commit is contained in:
Michael van der Westhuizen 2014-05-30 20:59:00 +02:00 committed by Tom Rini
parent d835e91d56
commit 1de7bb4f27
2 changed files with 15 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
include/hash.h
View file

@ -6,6 +6,18 @@
#ifndef _HASH_H #ifndef _HASH_H
#define _HASH_H #define _HASH_H
/*
* Maximum digest size for all algorithms we support. Having this value
* avoids a malloc() or C99 local declaration in common/cmd_hash.c.
*/
#define HASH_MAX_DIGEST_SIZE 32
enum {
HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */
HASH_FLAG_ENV = 1 << 1, /* Allow env vars */
};
#ifndef USE_HOSTCC
#if defined(CONFIG_SHA1SUM_VERIFY) || defined(CONFIG_CRC32_VERIFY) #if defined(CONFIG_SHA1SUM_VERIFY) || defined(CONFIG_CRC32_VERIFY)
#define CONFIG_HASH_VERIFY #define CONFIG_HASH_VERIFY
#endif #endif
@ -65,17 +77,6 @@ struct hash_algo {
int size); int size);
}; };
/*
* Maximum digest size for all algorithms we support. Having this value
* avoids a malloc() or C99 local declaration in common/cmd_hash.c.
*/
#define HASH_MAX_DIGEST_SIZE 32
enum {
HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */
HASH_FLAG_ENV = 1 << 1, /* Allow env vars */
};
/** /**
* hash_command: Process a hash command for a particular algorithm * hash_command: Process a hash command for a particular algorithm
* *
@ -125,4 +126,5 @@ int hash_block(const char *algo_name, const void *data, unsigned int len,
* @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm. * @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm.
*/ */
int hash_lookup_algo(const char *algo_name, struct hash_algo **algop); int hash_lookup_algo(const char *algo_name, struct hash_algo **algop);
#endif /* !USE_HOSTCC */
#endif #endif

3
include/image.h
View file

@ -45,6 +45,7 @@ struct lmb;
#endif /* USE_HOSTCC */ #endif /* USE_HOSTCC */
#if defined(CONFIG_FIT) #if defined(CONFIG_FIT)
#include <hash.h>
#include <libfdt.h> #include <libfdt.h>
#include <fdt_support.h> #include <fdt_support.h>
# ifdef CONFIG_SPL_BUILD # ifdef CONFIG_SPL_BUILD
@ -706,7 +707,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
#define FIT_FDT_PROP "fdt" #define FIT_FDT_PROP "fdt"
#define FIT_DEFAULT_PROP "default" #define FIT_DEFAULT_PROP "default"
#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ #define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE
/* cmdline argument format parsing */ /* cmdline argument format parsing */
int fit_parse_conf(const char *spec, ulong addr_curr, int fit_parse_conf(const char *spec, ulong addr_curr,