[Skiboot] [PATCH v3 0/4] Fixes from fuzzing secure variables

Nayna nayna at linux.vnet.ibm.com
Fri Jul 16 05:19:33 AEST 2021


On 7/13/21 10:57 PM, Daniel Axtens wrote:
> v2: Add tests, thanks Nayna Jain.
> v3: Defer things that are less urgent.
>
> I hooked up LLVM's libfuzzer to libstb/secvar and found some mostly
> minor bugs.
>
> My series applies on top of Nick Child's fixes (which fix some other
> bugs that could be found by fuzzing).
>
> The patches fix bugs in the secvar code and our pkcs7 implementation
> for mbedtls:
>
>   - Patch 1 and 4 prevent over-reads.
>   
>   - Patch 2 prevents an integer underflow that would lead to us
>     zallocing an enormous amount of memory.
>
>   - Patch 3 prevents a memory leak.

Thanks Daniel !!

Reviewed-by: Nayna Jain <nayna at linux.ibm.com>

Tested-by: Nayna Jain <nayna at linux.ibm.com>

Thanks & Regards,

     - Nayna



More information about the Skiboot mailing list