[Skiboot-stable] [PATCH 6.7.x 0/4] secure variable fixes from fuzzing
Daniel Axtens
dja at axtens.net
Wed Jul 21 14:00:26 AEST 2021
These patches, which apply on top of Nick's 4 patches, bring some
fixes from master to stable.
The justifications are all in the patches: they fix out-of-bounds reads,
a memory leak and an integer underflow bug that would lead to a massive
allocation.
Kind regards,
Daniel
Daniel Axtens (4):
secvar/backend: Don't overread data in auth descriptor
secvar/backend: fix an integer underflow bug
secvar/backend: fix a memory leak in get_pkcs7
pkcs7: pkcs7_get_content_info_type should reset *p on error
libstb/crypto/pkcs7/pkcs7.c | 4 +-
libstb/secvar/backend/edk2-compat-process.c | 7 +
libstb/secvar/test/Makefile.check | 5 +-
libstb/secvar/test/data/KEKeslcorrupt.h | 161 +++++++++++++++++++
libstb/secvar/test/data/KEKpkcs7corrupt.h | 161 +++++++++++++++++++
libstb/secvar/test/secvar-test-edk2-compat.c | 52 ++++++
libstb/secvar/test/secvar-test-pkcs7.c | 32 ++++
7 files changed, 420 insertions(+), 2 deletions(-)
create mode 100644 libstb/secvar/test/data/KEKeslcorrupt.h
create mode 100644 libstb/secvar/test/data/KEKpkcs7corrupt.h
create mode 100644 libstb/secvar/test/secvar-test-pkcs7.c
--
2.30.2
More information about the Skiboot-stable
mailing list