From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [U-Boot, v10, 09/10] tftp: prevent overwriting reserved memory
Date: Sat, 26 Jan 2019 08:17:05 -0500 [thread overview]
Message-ID: <20190126131705.GC6906@bill-the-cat> (raw)
In-Reply-To: <166124ca-e92c-56fc-8b97-6661901be8d9@gmail.com>
On Sat, Jan 26, 2019 at 09:46:35AM +0100, Simon Goldschmidt wrote:
> Am 26.01.2019 um 04:20 schrieb Heinrich Schuchardt:
> >TheOn 1/14/19 10:38 PM, Simon Goldschmidt wrote:
> >>This fixes CVE-2018-18439 ("insufficient boundary checks in network
> >>image boot") by using lmb to check for a valid range to store
> >>received blocks.
> >>
> >>Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
> >>Acked-by: Joe Hershberger <joe.hershberger@ni.com>
> >>---
> >
> >Hello Simon,
> >
> >due to this patch merged as a156c47e39ad7d00 on
> >vexpress_ca15_tc2_defconfig the command 'dhcp filename' always fails. It
> >was working in v2019.01
> >
> >Same is true for other platforms, e.g. vexpress_ca9x4_defconfig.
>
> OK, that's probably not expected ;-)
>
> I'd appreciate it if you could continue to track this down to get it fixed.
>
> >
> >I put in an extra printf() and got:
> >TFTP error: trying to overwrite reserved memory...
> >storeaddr 0, tftp_load_addr 0, tftp_load_size 0
>
> I don't know the first. The latter 2 are not initialized yet in this error
> path and so are expected to be zero here.
>
> Could you run that test again if I sent you a patch enabling required output
> for me to debug this?
>
> >
> >It is not even possible to disable the checks by undefining CONFIG_LMB
> >because a compile error arises without CONFIG_LMB:
> >
> >cmd/bootz.c:48:21: error: ‘bootm_headers_t’ {aka ‘struct bootm_headers’}
> >has no member named ‘lmb’
> >
> >I think the code should compile if CONFIG_LMB is undefined.
>
> You're right, it should compile without CONFIG_LMB. It did initially, so I
> guess that got lost somewhere during all the versions until v10, sorry. I'll
> work on that.
That might be on me. There were a few cases in the networking code
where the patch broke building the existing world.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190126/af03687d/attachment.sig>
next prev parent reply other threads:[~2019-01-26 13:17 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-14 21:38 [U-Boot] [PATCH v10 00/10] Fix CVE-2018-18440 and CVE-2018-18439 Simon Goldschmidt
2019-01-14 21:38 ` [U-Boot] [PATCH v10 01/10] test: add test for lib/lmb.c Simon Goldschmidt
2019-01-17 22:44 ` [U-Boot] [U-Boot,v10,01/10] " Tom Rini
2019-01-14 21:38 ` [U-Boot] [PATCH v10 02/10] lmb: fix allocation at end of address range Simon Goldschmidt
2019-01-16 21:34 ` Simon Glass
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-14 21:38 ` [U-Boot] [PATCH v10 03/10] lib: lmb: reserving overlapping regions should fail Simon Goldschmidt
2019-01-16 21:34 ` Simon Glass
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-14 21:38 ` [U-Boot] [PATCH v10 04/10] fdt: parse "reserved-memory" for memory reservation Simon Goldschmidt
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-03-05 23:26 ` Eugeniu Rosca
2019-03-05 23:36 ` Marek Vasut
2019-01-14 21:38 ` [U-Boot] [PATCH v10 05/10] lib: lmb: extend lmb for checks at load time Simon Goldschmidt
2019-01-16 21:34 ` Simon Glass
2019-01-16 21:44 ` Simon Goldschmidt
2019-01-16 21:49 ` Tom Rini
2019-01-16 21:51 ` Simon Glass
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-14 21:38 ` [U-Boot] [PATCH v10 06/10] fs: prevent overwriting reserved memory Simon Goldschmidt
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-14 21:38 ` [U-Boot] [PATCH v10 07/10] bootm: use new common function lmb_init_and_reserve Simon Goldschmidt
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-14 21:38 ` [U-Boot] [PATCH v10 08/10] lmb: remove unused extern declaration Simon Goldschmidt
2019-01-16 21:34 ` Simon Glass
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-14 21:38 ` [U-Boot] [PATCH v10 09/10] tftp: prevent overwriting reserved memory Simon Goldschmidt
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-26 3:20 ` Heinrich Schuchardt
2019-01-26 8:46 ` Simon Goldschmidt
2019-01-26 9:56 ` Heinrich Schuchardt
2019-01-26 13:25 ` Heinrich Schuchardt
2019-01-26 21:20 ` Simon Goldschmidt
2019-01-26 13:17 ` Tom Rini [this message]
2019-01-26 21:15 ` Simon Goldschmidt
2019-01-14 21:38 ` [U-Boot] [PATCH v10 10/10] arm: bootm: fix sp detection at end of address range Simon Goldschmidt
2019-01-17 22:44 ` [U-Boot] [U-Boot, v10, " Tom Rini
2019-01-14 22:54 ` [U-Boot] [PATCH v10 00/10] Fix CVE-2018-18440 and CVE-2018-18439 Tom Rini
2019-01-15 5:08 ` Simon Goldschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190126131705.GC6906@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.