[Skiboot] [PATCH v3 0/4] Fixes from fuzzing secure variables
Vasant Hegde
hegdevasant at linux.vnet.ibm.com
Tue Jul 20 17:34:25 AEST 2021
On 7/14/21 8:27 AM, Daniel Axtens wrote:
> v2: Add tests, thanks Nayna Jain.
> v3: Defer things that are less urgent.
>
> I hooked up LLVM's libfuzzer to libstb/secvar and found some mostly
> minor bugs.
>
> My series applies on top of Nick Child's fixes (which fix some other
> bugs that could be found by fuzzing).
>
> The patches fix bugs in the secvar code and our pkcs7 implementation
> for mbedtls:
>
> - Patch 1 and 4 prevent over-reads.
>
> - Patch 2 prevents an integer underflow that would lead to us
> zallocing an enormous amount of memory.
>
> - Patch 3 prevents a memory leak.
Thanks! Merged series to master as of d8e13853e5.
-Vasant
More information about the Skiboot
mailing list