[Skiboot] [PATCH v3 0/4] Fixes from fuzzing secure variables
Daniel Axtens
dja at axtens.net
Wed Jul 14 12:57:11 AEST 2021
v2: Add tests, thanks Nayna Jain.
v3: Defer things that are less urgent.

I hooked up LLVM's libfuzzer to libstb/secvar and found some mostly
minor bugs.

My series applies on top of Nick Child's fixes (which fix some other
bugs that could be found by fuzzing).

The patches fix bugs in the secvar code and our pkcs7 implementation
for mbedtls:

 - Patches 1 and 4 prevent over-reads.
 - Patch 2 prevents an integer underflow that would lead to us
   zallocing an enormous amount of memory.
 - Patch 3 prevents a memory leak.
Daniel Axtens (4):
secvar/backend: Don't overread data in auth descriptor
secvar/backend: fix an integer underflow bug
secvar/backend: fix a memory leak in get_pkcs7
pkcs7: pkcs7_get_content_info_type should reset *p on error
libstb/crypto/pkcs7/pkcs7.c | 4 +-
libstb/secvar/backend/edk2-compat-process.c | 7 +
libstb/secvar/test/Makefile.check | 5 +-
libstb/secvar/test/data/KEKeslcorrupt.h | 161 +++++++++++++++++++
libstb/secvar/test/data/KEKpkcs7corrupt.h | 161 +++++++++++++++++++
libstb/secvar/test/secvar-test-edk2-compat.c | 52 ++++++
libstb/secvar/test/secvar-test-pkcs7.c | 32 ++++
7 files changed, 420 insertions(+), 2 deletions(-)
create mode 100644 libstb/secvar/test/data/KEKeslcorrupt.h
create mode 100644 libstb/secvar/test/data/KEKpkcs7corrupt.h
create mode 100644 libstb/secvar/test/secvar-test-pkcs7.c
--
2.30.2
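
An illustration of the bug classes listed in the cover letter, as an added example that is not code from the patch series or from skiboot: a libFuzzer harness around a length-prefixed parser, with the unchecked subtraction that underflows next to a bounds-checked version. The blob layout, the function names and the `MAX_PAYLOAD` cap are assumptions made for the example.

```c
/* Added example: hypothetical blob layout, not skiboot's real structures. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_FIELD 4u              /* constructed: 4-byte little-endian hdr_len */
#define MAX_PAYLOAD (64u * 1024u) /* assumed sanity cap on allocation size */

/* Unchecked arithmetic: hdr_len > size wraps around to a huge size_t. */
size_t payload_len_naive(size_t size, uint32_t hdr_len)
{
	return size - hdr_len;
}

/* Checked version: returns 0 and sets *out, or -1 on a malformed blob. */
int payload_len_checked(const uint8_t *buf, size_t size, size_t *out)
{
	uint32_t hdr_len;

	if (size < HDR_FIELD)
		return -1;      /* reading hdr_len would over-read buf */
	hdr_len = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
		  (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
	if (hdr_len < HDR_FIELD || hdr_len > size)
		return -1;      /* the subtraction below would underflow */
	if (size - hdr_len > MAX_PAYLOAD)
		return -1;
	*out = size - hdr_len;
	return 0;
}

/* libFuzzer entry point: copy out the payload the way a parser would. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	size_t len;
	uint8_t *payload;

	if (payload_len_checked(data, size, &len) != 0)
		return 0;
	payload = calloc(1, len ? len : 1);
	if (!payload)
		return 0;
	memcpy(payload, data + (size - len), len);
	free(payload);          /* freed on every path, so nothing leaks */
	return 0;
}
```

Built with `clang -fsanitize=fuzzer,address`, libFuzzer supplies `main()` and AddressSanitizer reports any over-read or leak the harness reaches.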