kexec/uImage: Fix the payload length in uImage_load

For payloads without any compression, the image->len
is set to the length of the entire uImage which includes
the uImage header. This should be filled in from
the ih_size field of the uImage header.

This can cause a buffer overflow, leading the sha256_process
to overrun the initrd buffer. It also prevents a vulnerability
where the image has been appended with additional data. The
CRC check is performed only when compiled with zlib.

TODO: Implement CRC check if ZLIB is not compiled in.

Reported-by: Nathan Miller <nathanm2@us.ibm.com>

Signed-off-by: Suzuki K. Poulose <suzuki@in.ibm.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
1 file changed
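
The length handling the commit message describes, as an added example that is not the kexec-tools code: the payload length is taken from `ih_size` and bounded by the bytes actually present after the header. It assumes the legacy U-Boot uImage header (64 bytes, big-endian, `ih_size` at offset 12); `uimage_payload` and `demo_payload_len` are hypothetical names, and the sample image is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define UIMAGE_MAGIC   0x27051956u  /* ih_magic of the legacy uImage format */
#define UIMAGE_HDR_LEN 64u          /* fixed size of the legacy uImage header */
#define IH_SIZE_OFF    12u          /* offset of ih_size (payload length) */

/* Read a big-endian 32-bit header field without alignment assumptions. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical helper (not uImage_load): locate the payload of an
 * uncompressed uImage. Returns 0 and sets *payload / *payload_len from
 * ih_size, or -1 on a short buffer, bad magic, or an oversized ih_size. */
int uimage_payload(const unsigned char *buf, size_t buf_len,
                   const unsigned char **payload, size_t *payload_len)
{
    if (buf_len < UIMAGE_HDR_LEN || be32(buf) != UIMAGE_MAGIC)
        return -1;
    uint32_t ih_size = be32(buf + IH_SIZE_OFF);
    if (ih_size > buf_len - UIMAGE_HDR_LEN)  /* header claims more than the file holds */
        return -1;
    *payload = buf + UIMAGE_HDR_LEN;
    *payload_len = ih_size;  /* not buf_len, which counts header and trailing bytes */
    return 0;
}

/* Constructed sample: 64-byte header + 16-byte payload + 8 appended bytes.
 * Returns the payload length for a given ih_size claim, or -1 if rejected. */
long demo_payload_len(uint32_t claimed)
{
    unsigned char img[UIMAGE_HDR_LEN + 16 + 8] = {0};
    const unsigned char *p;
    size_t n;
    img[0] = 0x27; img[1] = 0x05; img[2] = 0x19; img[3] = 0x56;
    for (int i = 0; i < 4; i++)
        img[IH_SIZE_OFF + i] = (unsigned char)(claimed >> (24 - 8 * i));
    return uimage_payload(img, sizeof img, &p, &n) == 0 ? (long)n : -1;
}

int main(void)
{
    printf("ih_size=16 -> %ld, ih_size=25 -> %ld\n",
           demo_payload_len(16), demo_payload_len(25));
    return 0;
}
```

Taking the length from `ih_size` keeps appended bytes out of the hashed and loaded region, but only a data CRC check over that region can confirm the payload itself is intact.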