Hi Kees, On Wed, Aug 28, 2013 at 12:13 PM, Kees Cook <keesc...@chromium.org> wrote: > Hi, > > Can someone commit this series? It's been fully acked now...
I'm happy to pull these in for Tom. I see a few warnings when I run buildman: $ ./tools/buildman/buildman -b us-kees sandbox -se Summary of 7 commits for 1 boards (1 thread, 32 jobs per thread) 01: omap5: Correct include order, drop CONFIG_SYS_PROMPT define 02: sandbox: add compression tests sandbox: + sandbox +cmd_bootm.c: In function ‘bootm_load_os’: +cmd_bootm.c:443:11: warning: passing argument 4 of ‘lzop_decompress’ from incompatible pointer type [enabled by default] +/usr/local/google/c/cosarm/src/third_party/u-boot/us-kees/.bm-work/00/include/linux/lzo.h:31:5: note: expected ‘size_t *’ but argument is of type ‘uint *’ +cmd_ximg.c: In function ‘do_imgextract’: +cmd_ximg.c:225:6: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] +cmd_ximg.c:225:14: warning: ‘hdr’ may be used uninitialized in this function [-Wuninitialized] 03: documentation: add more compression configs 04: gzip: correctly bounds-check output buffer 05: lzma: correctly bounds-check output buffer 06: lzo: correctly bounds-check output buffer 07: bootm: allow correct bounds-check of destination I believe these are pre-existing, but didn't happen for sandbox since it was not enabling these options, but could you please create a patch to fix these that we can apply first? To build for sandbox: 'make sandbox_config; make' Regards, Simon > > Thanks, > > -Kees > > On Fri, Aug 16, 2013 at 7:59 AM, Kees Cook <keesc...@chromium.org> wrote: >> v2: added acks, various suggested cleanups >> >> This series fixes gzip, lzma, and lzo to not overflow when writing >> to output buffers. Without this, it might be possible for untrusted >> compressed input to overflow the buffers used to hold the decompressed >> image. >> >> To catch these conditions, I added a series of compression tests available >> in the sandbox build. Without the fixes in patches 3, 4, and 5, the >> overflows are visible. >> >> Thanks, >> >> -Kees >> >> Kees Cook (6): >> sandbox: add compression tests >> documentation: add more compression configs >> gzip: correctly bounds-check output buffer >> lzma: correctly bounds-check output buffer >> lzo: correctly bounds-check output buffer >> bootm: allow correct bounds-check of destination >> >> README | 9 ++ >> common/cmd_bootm.c | 2 +- >> include/configs/sandbox.h | 5 + >> lib/gunzip.c | 4 +- >> lib/lzma/LzmaTools.c | 8 +- >> lib/lzo/lzo1x_decompress.c | 8 +- >> test/Makefile | 1 + >> test/compression.c | 335 >> ++++++++++++++++++++++++++++++++++++++++++++ >> 8 files changed, 366 insertions(+), 6 deletions(-) >> create mode 100644 test/compression.c >> >> _______________________________________________ >> U-Boot mailing list >> U-Boot@lists.denx.de >> http://lists.denx.de/mailman/listinfo/u-boot > > > > -- > Kees Cook > Chrome OS Security _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
