public inbox for u-boot@lists.denx.de
From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [U-Boot, v10, 09/10] tftp: prevent overwriting reserved memory
Date: Sat, 26 Jan 2019 08:17:05 -0500
Message-ID: <20190126131705.GC6906@bill-the-cat>
In-Reply-To: <166124ca-e92c-56fc-8b97-6661901be8d9@gmail.com>

On Sat, Jan 26, 2019 at 09:46:35AM +0100, Simon Goldschmidt wrote:
> On 26.01.2019 at 04:20, Heinrich Schuchardt wrote:
> >On 1/14/19 10:38 PM, Simon Goldschmidt wrote:
> >>This fixes CVE-2018-18439 ("insufficient boundary checks in network
> >>image boot") by using lmb to check for a valid range to store
> >>received blocks.
> >>
> >>Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
> >>Acked-by: Joe Hershberger <joe.hershberger@ni.com>
> >>---
> >
> >Hello Simon,
> >
> >due to this patch merged as a156c47e39ad7d00 on
> >vexpress_ca15_tc2_defconfig the command 'dhcp filename' always fails. It
> >was working in v2019.01.
> >
> >Same is true for other platforms, e.g. vexpress_ca9x4_defconfig.
> 
> OK, that's probably not expected ;-)
> 
> I'd appreciate it if you could continue to track this down to get it fixed.
> 
> >
> >I put in an extra printf() and got:
> >TFTP error: trying to overwrite reserved memory...
> >storeaddr 0, tftp_load_addr 0, tftp_load_size 0
> 
> I don't know the first. The latter 2 are not initialized yet in this error
> path and so are expected to be zero here.
> 
> Could you run that test again if I sent you a patch enabling required output
> for me to debug this?
> 
> >
> >It is not even possible to disable the checks by undefining CONFIG_LMB
> >because a compile error arises without CONFIG_LMB:
> >
> >cmd/bootz.c:48:21: error: ‘bootm_headers_t’ {aka ‘struct bootm_headers’}
> >has no member named ‘lmb’
> >
> >I think the code should compile if CONFIG_LMB is undefined.
> 
> You're right, it should compile without CONFIG_LMB. It did initially, so I
> guess that got lost somewhere during all the versions until v10, sorry. I'll
> work on that.

That might be on me.  There were a few cases in the networking code
where the patch broke building the existing world.

-- 
Tom
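
The kind of check the quoted commit message describes (find a valid range for the download first, then test every received block against it), as an added sketch that is not code from the patch or from U-Boot. The types, function names and memory map are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical types for this sketch; U-Boot's lmb structures differ. */
struct region { uint64_t base, size; };      /* [base, base + size) */
struct window { uint64_t addr, size; };      /* where the download may land */

/* Bytes usable from addr before RAM ends or a reserved region begins;
 * 0 when addr is outside RAM or inside a reserved region. Subtractions
 * only, so RAM ending at the top of the address space cannot wrap. */
uint64_t unreserved_size(struct region ram, const struct region *rsv,
                         size_t n, uint64_t addr)
{
    if (addr < ram.base || addr - ram.base >= ram.size)
        return 0;
    uint64_t avail = ram.size - (addr - ram.base);
    for (size_t i = 0; i < n; i++) {
        if (addr >= rsv[i].base && addr - rsv[i].base < rsv[i].size)
            return 0;
        if (rsv[i].base > addr && rsv[i].base - addr < avail)
            avail = rsv[i].base - addr;
    }
    return avail;
}

/* Check one received block before it is copied: 0 and the destination
 * in *dst, or -1 if the block would land outside the window. */
int block_dest(struct window w, uint32_t block, uint32_t blksize,
               uint32_t len, uint64_t *dst)
{
    if (block == 0)
        return -1;
    uint64_t off = (uint64_t)(block - 1) * blksize;
    if (off > w.size || len > w.size - off)
        return -1;
    *dst = w.addr + off;
    return 0;
}

int main(void)
{
    struct region ram = { 0x80000000u, 0x10000000u };  /* constructed map */
    struct region rsv[] = { { 0x8ff00000u, 0x100000u }, { 0x88000000u, 0x1000u } };
    struct window w = { 0x82000000u, unreserved_size(ram, rsv, 2, 0x82000000u) };
    uint64_t dst;
    printf("window %#llx, past-end block -> %d\n", (unsigned long long)w.size, block_dest(w, 0x30001, 512, 512, &dst));
    return 0;
}
```

A window of size 0 makes `block_dest` refuse every block, so a caller has to treat an empty window as a failure before the transfer starts.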

