[PATCH u-boot v2019.04-aspeed-openbmc] as2600/scu: Fix printing of security info

Joel Stanley joel at jms.id.au
Thu Mar 10 15:58:01 AEDT 2022


The current code does not initialise the char buffer 'alg' to zero, so
strlen(alg) can return an arbitrary offset and the sprintf can
potentially write past the end of the buffer.

Most of the time strlen happened upon a 0 early in the buffer, and the
resulting string would be constructed in bounds:

 Secure Boot: Mode_2, m��ERSA4096_SHA512

Avoid the issue by not constructing the string in memory. Instead print
it out as the bits are parsed.

Fixes: dd27b24b13d5 ("ARM: Aspeed: update secure boot information")
Signed-off-by: Joel Stanley <joel at jms.id.au>
---
 arch/arm/mach-aspeed/ast2600/scu_info.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/arch/arm/mach-aspeed/ast2600/scu_info.c b/arch/arm/mach-aspeed/ast2600/scu_info.c
index 606b2445e7de..a2277eec584d 100644
--- a/arch/arm/mach-aspeed/ast2600/scu_info.c
+++ b/arch/arm/mach-aspeed/ast2600/scu_info.c
@@ -95,7 +95,6 @@ void aspeed_print_security_info(void)
 	u32 sb_sts = readl(ASPEED_SB_STS);
 	u32 hash;
 	u32 rsa;
-	char alg[20];
 
 	if (!(sb_sts & BIT(6)))
 		return;
@@ -104,38 +103,39 @@ void aspeed_print_security_info(void)
 		hash = (qsr >> 10) & 3;
 		rsa = (qsr >> 12) & 3;
 
+		printf("Mode_2, ");
+
 		if (qsr & BIT(27)) {
-			sprintf(alg + strlen(alg), "AES_");
+			printf("AES_");
 		}
 		switch (rsa) {
 		case 0:
-			sprintf(alg + strlen(alg), "RSA1024_");
+			printf("RSA1024_");
 			break;
 		case 1:
-			sprintf(alg + strlen(alg), "RSA2048_");
+			printf("RSA2048_");
 			break;
 		case 2:
-			sprintf(alg + strlen(alg), "RSA3072_");
+			printf("RSA3072_");
 			break;
 		default:
-			sprintf(alg + strlen(alg), "RSA4096_");
+			printf("RSA4096_");
 			break;
 		}
 		switch (hash) {
 		case 0:
-			sprintf(alg + strlen(alg), "SHA224");
+			printf("SHA224\n");
 			break;
 		case 1:
-			sprintf(alg + strlen(alg), "SHA256");
+			printf("SHA256\n");
 			break;
 		case 2:
-			sprintf(alg + strlen(alg), "SHA384");
+			printf("SHA384\n");
 			break;
 		default:
-			sprintf(alg + strlen(alg), "SHA512");
+			printf("SHA512\n");
 			break;
 		}
-		printf("Mode_2, %s\n", alg);
 	} else {
 		printf("Mode_GCM\n");
 		return;
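Review bot: The two `switch` statements on `rsa` and `hash` in the Mode_2 branch could be replaced by two four-entry string tables and a single `printf`, so the whole "Mode_2, ..." line is emitted by one call instead of up to four. Both indices are masked with `& 3` in the first two lines of the hunk, so a four-entry table is always indexed in bounds and the `default:` arms are no longer needed. The tables can sit at file scope or at the top of the block. The enclosing `if` and the declaration of `qsr` are outside the hunk, so the placement below is a sketch, and the function body continues past the end of the hunk.

```c
		static const char * const rsa_name[] = {
			"RSA1024", "RSA2048", "RSA3072", "RSA4096",
		};
		static const char * const hash_name[] = {
			"SHA224", "SHA256", "SHA384", "SHA512",
		};

		hash = (qsr >> 10) & 3;
		rsa = (qsr >> 12) & 3;

		/* both indices are masked to 0..3, so the lookups stay in bounds */
		printf("Mode_2, %s%s_%s\n", (qsr & BIT(27)) ? "AES_" : "",
		       rsa_name[rsa], hash_name[hash]);
		/* … unchanged: else branch printing Mode_GCM … */
```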
-- 
2.34.1


