From: Michael van der Westhuizen <michael@smart-africa.com>
Date: Fri, 30 May 2014 18:59:00 +0000 (+0200)
Subject: Prevent a buffer overflow in mkimage when signing with SHA256
X-Git-Tag: v2025.01-rc5-pxa1908~15254
X-Git-Url: http://git.dujemihanovic.xyz/img/%7B%7B%20%28.OutputFormats.Get?a=commitdiff_plain;h=1de7bb4f27745336c6d9cd5c2088748fcdaf699d;p=u-boot.git

Prevent a buffer overflow in mkimage when signing with SHA256

Due to the FIT_MAX_HASH_LEN constant not having been updated
to support SHA256 signatures one will always see a buffer
overflow in fit_image_process_hash when signing images that
use this larger hash.  This is exposed by vboot_test.sh.

Signed-off-by: Michael van der Westhuizen <michael@smart-africa.com>
Acked-by: Simon Glass <sjg@chromium.org>
[trini: Rework a bit to move the exportable parts of hash.h outside of
 !USE_HOSTCC, so that only a new include in image.h is needed]
Signed-off-by: Tom Rini <trini@ti.com>
---

diff --git a/include/hash.h b/include/hash.h
index dc21678045..2a3632623b 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -6,6 +6,18 @@
 #ifndef _HASH_H
 #define _HASH_H
 
+/*
+ * Maximum digest size for all algorithms we support. Having this value
+ * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
+ */
+#define HASH_MAX_DIGEST_SIZE	32
+
+enum {
+	HASH_FLAG_VERIFY	= 1 << 0,	/* Enable verify mode */
+	HASH_FLAG_ENV		= 1 << 1,	/* Allow env vars */
+};
+
+#ifndef USE_HOSTCC
 #if defined(CONFIG_SHA1SUM_VERIFY) || defined(CONFIG_CRC32_VERIFY)
 #define CONFIG_HASH_VERIFY
 #endif
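Review bot: The comment moved above `HASH_MAX_DIGEST_SIZE` still justifies the constant only by common/cmd_hash.c, but this commit exports it to host builds and makes `FIT_MAX_HASH_LEN` in include/image.h depend on it, so it now also bounds the FIT hash buffer used when mkimage signs an image. I would extend the comment with a line such as `Must be >= the largest digest of any supported algorithm; also sizes FIT hash buffers via FIT_MAX_HASH_LEN in image.h.`, so that whoever adds a larger algorithm knows the value has to be raised. The `#ifndef USE_HOSTCC` opened on the last added line is closed outside this hunk.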
@@ -65,17 +77,6 @@ struct hash_algo {
 			   int size);
 };
 
-/*
- * Maximum digest size for all algorithms we support. Having this value
- * avoids a malloc() or C99 local declaration in common/cmd_hash.c.
- */
-#define HASH_MAX_DIGEST_SIZE	32
-
-enum {
-	HASH_FLAG_VERIFY	= 1 << 0,	/* Enable verify mode */
-	HASH_FLAG_ENV		= 1 << 1,	/* Allow env vars */
-};
-
 /**
  * hash_command: Process a hash command for a particular algorithm
  *
@@ -125,4 +126,5 @@ int hash_block(const char *algo_name, const void *data, unsigned int len,
  * @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm.
  */
 int hash_lookup_algo(const char *algo_name, struct hash_algo **algop);
+#endif /* !USE_HOSTCC */
 #endif
diff --git a/include/image.h b/include/image.h
index 132abdf055..b71e4ba35f 100644
--- a/include/image.h
+++ b/include/image.h
@@ -45,6 +45,7 @@ struct lmb;
 #endif /* USE_HOSTCC */
 
 #if defined(CONFIG_FIT)
+#include <hash.h>
 #include <libfdt.h>
 #include <fdt_support.h>
 # ifdef CONFIG_SPL_BUILD
@@ -706,7 +707,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end);
 #define FIT_FDT_PROP		"fdt"
 #define FIT_DEFAULT_PROP	"default"
 
-#define FIT_MAX_HASH_LEN	20	/* max(crc32_len(4), sha1_len(20)) */
+#define FIT_MAX_HASH_LEN	HASH_MAX_DIGEST_SIZE
 
 /* cmdline argument format parsing */
 int fit_parse_conf(const char *spec, ulong addr_curr,
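Review bot: Redefining `FIT_MAX_HASH_LEN` as `HASH_MAX_DIGEST_SIZE` raises the limit to 32 bytes but keeps the same overflow class: any algorithm with a longer digest would again write past the fixed-size buffer that the commit message places in fit_image_process_hash, which is not part of this diff. A length check at the point where the digest is produced, rejecting a value length greater than `FIT_MAX_HASH_LEN`, would turn a stale constant into a reported error instead of memory corruption. The replaced line also lost its explanatory comment; a trailing `/* max digest length of any FIT hash algorithm */` would restore it.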