| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210107232526.716989-1-bjorn.andersson@linaro.org>
Date: Thu, 7 Jan 2021 15:25:26 -0800
From: Bjorn Andersson <bjorn.andersson@...aro.org>
To: Andy Gross <agross@...nel.org>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Siddharth Gupta <sidgup@...eaurora.org>
Cc: linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] soc: qcom: mdt_loader: Detect truncated read of segments
Given that no validation of how much data the firmware loader read in
for a given segment truncated segment files would best case result in a
hash verification failure, without any indication of what went wrong.
Improve this by validating that the firmware loader did return the
amount of data requested.
Fixes: 445c2410a449 ("soc: qcom: mdt_loader: Use request_firmware_into_buf()")
Signed-off-by: Bjorn Andersson <bjorn.andersson@...aro.org>
---
drivers/soc/qcom/mdt_loader.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
index 24cd193dec55..e01d18e9ad2b 100644
--- a/drivers/soc/qcom/mdt_loader.c
+++ b/drivers/soc/qcom/mdt_loader.c
@@ -253,6 +253,14 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw,
break;
}
+ if (seg_fw->size != phdr->p_filesz) {
+ dev_err(dev,
+ "failed to load segment %d from truncated file %s\n",
+ i, fw_name);
+ ret = -EINVAL;
+ break;
+ }
+
release_firmware(seg_fw);
}
--
2.29.2
Powered by blists - more mailing lists