| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170530071022.GB26483@linaro.org>
Date: Tue, 30 May 2017 16:10:23 +0900
From: AKASHI Takahiro <takahiro.akashi@...aro.org>
To: dhowells@...hat.com
Cc: ard.biesheuvel@...aro.org, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: verify_pefile_signature() and a message field of MZ header in pe.h
Hi David,
Struct mz_hdr in include/linux/pe.h contains a message[] field.
Should it be part of this structure?
(I googled "MZ format," but didn't find out the exact definition.)
I'm now working on kexec_file_load support on arm64. As arm64's
Image binary can be seen as in PE format, verify_pefile_signature()
is used to assure integrity as on x86.
But this attempt fails (ELIBBAD) at pefile_parse_binary():
---8<---
#define chkaddr(base, x, s) \
do { \
if ((x) < base || (s) >= datalen || (x) > datalen - (s)) \
return -ELIBBAD; \
} while (0)
...
cursor = sizeof(*mz);
chkaddr(cursor, mz->peaddr, sizeof(*pe)); <-- Here
pe = pebuf + mz->peaddr;
if (pe->magic != PE_MAGIC)
return -ELIBBAD;
--->8---
because our Image doesn't have message[] in a pseudo header and so
mz->peaddr is not beyond sizeof(*mz).
I think we can fix this issue, either
(a) remove message[] from struct mz_hdr
(b) modify a check by chkaddr() macro
(c) add a dummy pad into arm64's binary
Which one should we follow here?
Thanks,
-Takahiro AKASHI
Powered by blists - more mailing lists