Re: [PATCH v4] firmware: google: check if size is valid when decoding VPD data

From: Stephen Boyd
Date: Fri Aug 30 2019 - 01:03:54 EST


Quoting Hung-Te Lin (2019-08-29 19:23:58)
> The VPD implementation from the Chromium Vital Product Data project used to
> parse data from untrusted input without checking if the metadata is
> invalid or corrupted. For example, the size from decoded content may
> be a negative value, or larger than the whole input buffer. Such invalid data
> may cause a buffer overflow.
>
> To fix that, the size parameters passed to vpd_decode functions should
> be changed to the unsigned integer (u32) type, and the parsing of the entry
> header should be refactored so every size field is correctly verified
> before starting to decode.
>
> Fixes: ad2ac9d5c5e0 ("firmware: Google VPD: import lib_vpd source files")
> Signed-off-by: Hung-Te Lin <hungte@xxxxxxxxxxxx>

Reviewed-by: Stephen Boyd <swboyd@xxxxxxxxxxxx>
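
The kind of check the commit message describes, as an added example: this is not the code from the patch or from the kernel driver. The function names (`decode_len`, `decode_field`, `first_field_len`) and the length encoding (7 bits per byte, high bit meaning another byte follows) are assumptions made for illustration. Sizes are unsigned 32-bit values, and each decoded size is compared with the remaining input before any payload pointer is handed back.

```c
#include <stdint.h>

/* Assumed encoding for this sketch: 7 length bits per byte, 0x80 = more follows. */
static int decode_len(uint32_t max_len, const uint8_t *in,
                      uint32_t *length, uint32_t *decoded_len)
{
    uint32_t i = 0;
    uint8_t more;

    *length = 0;
    do {
        if (i >= max_len)
            return -1;                  /* length bytes run past the input */
        if (*length > (UINT32_MAX >> 7))
            return -1;                  /* next shift would overflow u32 */
        more = in[i] & 0x80;
        *length = (*length << 7) | (in[i] & 0x7f);
        i++;
    } while (more);
    *decoded_len = i;
    return 0;
}

/* Decode one length-prefixed field at *consumed; verify the size before using it. */
static int decode_field(uint32_t max_len, const uint8_t *in, uint32_t *consumed,
                        const uint8_t **data, uint32_t *data_len)
{
    uint32_t hdr;
    if (*consumed >= max_len ||
        decode_len(max_len - *consumed, &in[*consumed], data_len, &hdr))
        return -1;
    *consumed += hdr;                   /* hdr <= max_len - *consumed, no wrap */
    if (*data_len > max_len - *consumed)
        return -1;                      /* payload larger than what is left */
    *data = &in[*consumed];
    *consumed += *data_len;
    return 0;
}

/* Hypothetical helper: payload size of the first field in buf, or -1 if rejected. */
static long first_field_len(const uint8_t *buf, uint32_t n)
{
    const uint8_t *data;
    uint32_t used = 0, len;
    return decode_field(n, buf, &used, &data, &len) ? -1 : (long)len;
}

/* Constructed sample: length byte 3 followed by "abc"; exit status 0 on success. */
int main(void) { return first_field_len((const uint8_t[]){ 0x03, 'a', 'b', 'c' }, 4) == 3 ? 0 : 1; }
```

The bounds test is written as `*data_len > max_len - *consumed` rather than `*consumed + *data_len > max_len`, because the addition can wrap for a large attacker-chosen length while the subtraction cannot.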