From: Stephen Boyd <swboyd@chromium.org>
To: Hung-Te Lin <hungte@chromium.org>
Cc: hungte@chromium.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Guenter Roeck <linux@roeck-us.net>,
Samuel Holland <samuel@sholland.org>,
Allison Randal <allison@lohutok.net>,
Colin Ian King <colin.king@canonical.com>,
Thomas Gleixner <tglx@linutronix.de>,
Alexios Zavras <alexios.zavras@intel.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4] firmware: google: check if size is valid when decoding VPD data
Date: Thu, 29 Aug 2019 22:03:42 -0700 [thread overview]
Message-ID: <5d68ae2f.1c69fb81.bc783.5e84@mx.google.com> (raw)
In-Reply-To: <20190830022402.214442-1-hungte@chromium.org>
Quoting Hung-Te Lin (2019-08-29 19:23:58)
> The VPD implementation from Chromium Vital Product Data project used to
> parse data from untrusted input without checking if the meta data is
> invalid or corrupted. For example, the size from decoded content may
> be negative value, or larger than whole input buffer. Such invalid data
> may cause buffer overflow.
>
> To fix that, the size parameters passed to vpd_decode functions should
> be changed to unsigned integer (u32) type, and the parsing of entry
> header should be refactored so every size field is correctly verified
> before starting to decode.
>
> Fixes: ad2ac9d5c5e0 ("firmware: Google VPD: import lib_vpd source files")
> Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Reviewed-by: Stephen Boyd <swboyd@chromium.org>
next prev parent reply other threads:[~2019-08-30 5:03 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-02 8:20 [PATCH] firmware: google: update vpd_decode from upstream Hung-Te Lin
2019-08-02 22:27 ` Stephen Boyd
2019-08-07 13:58 ` Guenter Roeck
2019-08-07 14:59 ` Stephen Boyd
2019-08-07 16:50 ` Guenter Roeck
2019-08-29 10:19 ` [PATCH v2] " Hung-Te Lin
2019-08-29 11:24 ` Greg Kroah-Hartman
2019-08-29 11:45 ` [PATCH v3] firmware: google: check if size is valid when decoding VPD data Hung-Te Lin
2019-08-29 14:51 ` Stephen Boyd
2019-08-30 2:23 ` [PATCH v4] " Hung-Te Lin
2019-08-30 5:03 ` Stephen Boyd [this message]
2019-08-30 16:54 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5d68ae2f.1c69fb81.bc783.5e84@mx.google.com \
--to=swboyd@chromium.org \
--cc=alexios.zavras@intel.com \
--cc=allison@lohutok.net \
--cc=colin.king@canonical.com \
--cc=gregkh@linuxfoundation.org \
--cc=hungte@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=samuel@sholland.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox