[Skiboot] [PATCH v3 0/4] Fixes from fuzzing secure variables
Nayna
nayna at linux.vnet.ibm.com
Fri Jul 16 05:19:33 AEST 2021
On 7/13/21 10:57 PM, Daniel Axtens wrote:
> v2: Add tests, thanks Nayna Jain.
> v3: Defer things that are less urgent.
>
> I hooked up LLVM's libfuzzer to libstb/secvar and found some mostly
> minor bugs.
>
> My series applies on top of Nick Child's fixes (which fix some other
> bugs that could be found by fuzzing).
>
> The patches fix bugs in the secvar code and our pkcs7 implementation
> for mbedtls:
>
> - Patch 1 and 4 prevent over-reads.
>
> - Patch 2 prevents an integer underflow that would lead to us
> zallocing an enormous amount of memory.
>
> - Patch 3 prevents a memory leak.
Thanks Daniel !!
Reviewed-by: Nayna Jain <nayna at linux.ibm.com>
Tested-by: Nayna Jain <nayna at linux.ibm.com>
Thanks & Regards,
- Nayna
More information about the Skiboot
mailing list