| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5d68ae2f.1c69fb81.bc783.5e84@mx.google.com>
Date: Thu, 29 Aug 2019 22:03:42 -0700
From: Stephen Boyd <swboyd@...omium.org>
To: Hung-Te Lin <hungte@...omium.org>
Cc: hungte@...omium.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Guenter Roeck <linux@...ck-us.net>,
Samuel Holland <samuel@...lland.org>,
Allison Randal <allison@...utok.net>,
Colin Ian King <colin.king@...onical.com>,
Thomas Gleixner <tglx@...utronix.de>,
Alexios Zavras <alexios.zavras@...el.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] firmware: google: check if size is valid when decoding VPD data
Quoting Hung-Te Lin (2019-08-29 19:23:58)
> The VPD implementation from Chromium Vital Product Data project used to
> parse data from untrusted input without checking if the meta data is
> invalid or corrupted. For example, the size from decoded content may
> be negative value, or larger than whole input buffer. Such invalid data
> may cause buffer overflow.
>
> To fix that, the size parameters passed to vpd_decode functions should
> be changed to unsigned integer (u32) type, and the parsing of entry
> header should be refactored so every size field is correctly verified
> before starting to decode.
>
> Fixes: ad2ac9d5c5e0 ("firmware: Google VPD: import lib_vpd source files")
> Signed-off-by: Hung-Te Lin <hungte@...omium.org>
Reviewed-by: Stephen Boyd <swboyd@...omium.org>
Powered by blists - more mailing lists