From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C00A3C001DC for ; Sun, 30 Jul 2023 18:42:11 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id A525A867B5; Sun, 30 Jul 2023 20:42:09 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="ZXdQNGNj"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id F40E7868CE; Sun, 30 Jul 2023 20:42:07 +0200 (CEST) Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 78613865BC for ; Sun, 30 Jul 2023 20:42:05 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-99b9421aaebso545922666b.2 for ; Sun, 30 Jul 2023 11:42:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1690742525; x=1691347325; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=a6bcxESTzCGbvoTlZWaUKWzh5lPfGPMA0uruxVs2o0c=; b=ZXdQNGNjk60WmWxHd+lpqiOvqlYzfGJz9x6y8D5jMPotq+N3A70DglcWsBOEzwPeYP E84pR00VgLSZFHtSRBJJacm9pnD5LrUq8p1x5cDTBYJold7RKZTNzZDmGL2DLnj4j45j 5BPLOqE8YI5j9ZmGRGUwCBFGY8Q5Q2t7uA0OUU7mBIB5L4mRfic3Rq5NDiRlNEcjxGz/ YVKUu/419SYG3vcvIb5606Te0BWOcjwRfRcPG+Dnv19kbOPnG0TtNlXTmHcgEeYYTiZ+ bSyP4L/ETrxIXqkukGhDdxfQD/HhWUWRCC8CyNIhcK/855+Mx1FYH2ut2OUB+Tkx07p1 B3VA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690742525; x=1691347325; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=a6bcxESTzCGbvoTlZWaUKWzh5lPfGPMA0uruxVs2o0c=; b=VBVkgjyFJWd/ibDi8zU6Yqjft/S6235UpmJXtkXtQQORhaWUcIS5d5i9ik/6WGVdI2 9X0AArql8P8Dn+IedEeeoedcMgvS23m2x/WTGpvOwb0XfH3Q9gKHncu8SA3lX5DGZ5eT lz/G79Joz5FQYTrnJQGcxkWuczlg51yuawTcqb6ruCXsqS/3O6lq+TcHxBnJgrTxPL+8 B0zh6M7ekoMZp8pKwJDFjuBjljSd2xEu9lqahcSa8POpxD8TGBr/2B3mIc+f7PANGOM+ YdxwyW59xtznXzTEBasvELnjerqH8Nfm2dMudDY/PKJFH1EYO9e0cT4z6XQmVRPuICs9 2YKA== X-Gm-Message-State: ABy/qLbt2QSgcrcoSCJk1psgWJDW7iQgVB6wZtNqiBKmobxbsHvv3QnI WOoEJ+tzCpMzzbw9GhReD0+6OQ== X-Google-Smtp-Source: APBJJlFg6g22ZwrXJfClCh237FuBGJT+j6kN/Y5BDSYNqr2j9vInUfqxL2DfxMHybu3MB/f5E7xU7A== X-Received: by 2002:a17:907:a068:b0:993:d920:87d3 with SMTP id ia8-20020a170907a06800b00993d92087d3mr4222398ejc.25.1690742525017; Sun, 30 Jul 2023 11:42:05 -0700 (PDT) Received: from hades (ppp089210246083.access.hol.gr. [89.210.246.83]) by smtp.gmail.com with ESMTPSA id i10-20020a170906250a00b0099304c10fd3sm4980105ejb.196.2023.07.30.11.42.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 30 Jul 2023 11:42:04 -0700 (PDT) Date: Sun, 30 Jul 2023 21:42:02 +0300 From: Ilias Apalodimas To: Heinrich Schuchardt Cc: Dan Carpenter , Masahisa Kojima , u-boot@lists.denx.de Subject: Re: [PATCH 1/1] efi_loader: fix invocation of efi_prepare_aligned_image Message-ID: References: <20230730073453.30582-1-heinrich.schuchardt@canonical.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230730073453.30582-1-heinrich.schuchardt@canonical.com> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Hi Heinrich On Sun, Jul 30, 2023 at 09:34:53AM +0200, Heinrich Schuchardt wrote: > When passing a pointer to a size_t variable to a function writing an u64 > value to the address a buffer overrun occurs on 32bit systems. > > Fixes: 163a0d7e2cbd ("efi_loader: add PE/COFF image measurement") > Reported-by: Dan Carpenter > Signed-off-by: Heinrich Schuchardt > --- > lib/efi_loader/efi_image_loader.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c > index 26df0da16c..71c713048d 100644 > --- a/lib/efi_loader/efi_image_loader.c > +++ b/lib/efi_loader/efi_image_loader.c > @@ -591,6 +591,8 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) > struct pkcs7_message *msg = NULL; > struct efi_signature_store *db = NULL, *dbx = NULL; > void *new_efi = NULL; > + u64 new_efi_size = efi_size; > + > u8 *auth, *wincerts_end; > size_t auth_size; > bool ret = false; > @@ -600,11 +602,11 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) > if (!efi_secure_boot_enabled()) > return true; > > - new_efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size); > + new_efi = efi_prepare_aligned_image(efi, &new_efi_size); > if (!new_efi) > return false; > > - if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts, > + if (!efi_image_parse(new_efi, new_efi_size, ®s, &wincerts, > &wincerts_len)) { > log_err("Parsing PE executable image failed\n"); > goto out; > -- > 2.40.1 > Dan already sent this here [0] and I was the one that requested a v2 changing the prototype of efi_prepare_aligned_image(). Since that proved to be more complicated we can pick the original patch instead [0] https://lore.kernel.org/u-boot/40c5713c-3caa-4882-aa86-065689e83270@moroto.mountain/ Cheers /Ilias