| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56542220-494d-d41e-2378-f20f07caba5e@codeaurora.org>
Date: Thu, 8 Apr 2021 16:48:05 +0530
From: Sibi Sankar <sibis@...eaurora.org>
To: Bjorn Andersson <bjorn.andersson@...aro.org>,
Andy Gross <agross@...nel.org>,
Siddharth Gupta <sidgup@...eaurora.org>
Cc: linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
Hey Bjorn,
Thanks for the patch!
On 1/8/21 5:01 AM, Bjorn Andersson wrote:
> The code validates that segments of p_memsz bytes of a segment will fit
> in the provided memory region, but does not validate that p_filesz bytes
> will, which means that an incorrectly crafted ELF header might write
> beyond the provided memory region.
>
> Fixes: 051fb70fd4ea ("remoteproc: qcom: Driver for the self-authenticating Hexagon v5")
> Signed-off-by: Bjorn Andersson <bjorn.andersson@...aro.org>
> ---
> drivers/soc/qcom/mdt_loader.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
> index e01d18e9ad2b..5180b5996830 100644
> --- a/drivers/soc/qcom/mdt_loader.c
> +++ b/drivers/soc/qcom/mdt_loader.c
> @@ -230,6 +230,14 @@ static int __qcom_mdt_load(struct device *dev, const struct firmware *fw,
> break;
> }
>
> + if (phdr->p_filesz > phdr->p_memsz) {
> + dev_err(dev,
> + "refusing to load segment %d with p_filesz > p_memsz\n",
> + i);
> + ret = -EINVAL;
> + break;
> + }
> +
Reviewed-by: Sibi Sankar <sibis@...eaurora.org>
> ptr = mem_region + offset;
>
> if (phdr->p_filesz && phdr->p_offset < fw->size) {
>
--
Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc, is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
Powered by blists - more mailing lists