From: Michael van der Westhuizen Date: Fri, 30 May 2014 18:59:00 +0000 (+0200) Subject: Prevent a buffer overflow in mkimage when signing with SHA256 X-Git-Url: http://git.dujemihanovic.xyz/login.html?a=commitdiff_plain;h=1de7bb4f27745336c6d9cd5c2088748fcdaf699d;p=u-boot.git Prevent a buffer overflow in mkimage when signing with SHA256 Due to the FIT_MAX_HASH_LEN constant not having been updated to support SHA256 signatures one will always see a buffer overflow in fit_image_process_hash when signing images that use this larger hash. This is exposed by vboot_test.sh. Signed-off-by: Michael van der Westhuizen Acked-by: Simon Glass [trini: Rework a bit so move the exportable parts of hash.h outside of !USE_HOSTCC and only need that as a new include to image.h] Signed-off-by: Tom Rini --- diff --git a/include/hash.h b/include/hash.h index dc21678045..2a3632623b 100644 --- a/include/hash.h +++ b/include/hash.h @@ -6,6 +6,18 @@ #ifndef _HASH_H #define _HASH_H +/* + * Maximum digest size for all algorithms we support. Having this value + * avoids a malloc() or C99 local declaration in common/cmd_hash.c. + */ +#define HASH_MAX_DIGEST_SIZE 32 + +enum { + HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */ + HASH_FLAG_ENV = 1 << 1, /* Allow env vars */ +}; + +#ifndef USE_HOSTCC #if defined(CONFIG_SHA1SUM_VERIFY) || defined(CONFIG_CRC32_VERIFY) #define CONFIG_HASH_VERIFY #endif @@ -65,17 +77,6 @@ struct hash_algo { int size); }; -/* - * Maximum digest size for all algorithms we support. Having this value - * avoids a malloc() or C99 local declaration in common/cmd_hash.c. - */ -#define HASH_MAX_DIGEST_SIZE 32 - -enum { - HASH_FLAG_VERIFY = 1 << 0, /* Enable verify mode */ - HASH_FLAG_ENV = 1 << 1, /* Allow env vars */ -}; - /** * hash_command: Process a hash command for a particular algorithm * @@ -125,4 +126,5 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, * @return 0 if ok, -EPROTONOSUPPORT for an unknown algorithm. */ int hash_lookup_algo(const char *algo_name, struct hash_algo **algop); +#endif /* !USE_HOSTCC */ #endif diff --git a/include/image.h b/include/image.h index 132abdf055..b71e4ba35f 100644 --- a/include/image.h +++ b/include/image.h @@ -45,6 +45,7 @@ struct lmb; #endif /* USE_HOSTCC */ #if defined(CONFIG_FIT) +#include #include #include # ifdef CONFIG_SPL_BUILD @@ -706,7 +707,7 @@ int bootz_setup(ulong image, ulong *start, ulong *end); #define FIT_FDT_PROP "fdt" #define FIT_DEFAULT_PROP "default" -#define FIT_MAX_HASH_LEN 20 /* max(crc32_len(4), sha1_len(20)) */ +#define FIT_MAX_HASH_LEN HASH_MAX_DIGEST_SIZE /* cmdline argument format parsing */ int fit_parse_conf(const char *spec, ulong addr_curr,