[Skiboot] [EXTERNAL] [PATCH] libstb: Fix memcpy overread in fakenv_readpublic() - is truncation correct?
Reza Arbab
arbab at linux.ibm.com
Thu May 26 07:17:21 AEST 2022
On Wed, May 25, 2022 at 08:56:49PM +0000, Kenneth Goldman wrote:
>[kgold] Is truncating the Name the right solution?
>
>I would have thought that, if the source length is greater than the
>target length, an error results. The size of the target should be that
>of the largest hash algorithm. If a Name is larger, didn't something
>go badly wrong?
It's actually the opposite. The source buffer is 34 bytes and the
destination buffer is 132 bytes. The bug is that we're using the
destination buffer's size as the argument to memcpy, which will result
in an overread of the source.
--
Reza Arbab
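
An added illustration of the overread described in the message above; it is not code from the skiboot patch or from libstb. The sizes 34 and 132 come from the message, while `struct name_buf`, `name_copy()` and `overread_bytes()` are hypothetical names, and rejecting an oversized source instead of truncating it is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SRC_NAME_LEN 34   /* source buffer size stated in the message */
#define DST_NAME_CAP 132  /* destination buffer size stated in the message */

/* Hypothetical destination type: a length-prefixed byte buffer. */
struct name_buf {
	uint16_t size;
	uint8_t bytes[DST_NAME_CAP];
};

/* Bytes a memcpy of copy_len would read past a src_len-byte source. */
size_t overread_bytes(size_t src_len, size_t copy_len)
{
	return copy_len > src_len ? copy_len - src_len : 0;
}

/*
 * Overread pattern (length taken from the destination, not the source):
 *     memcpy(dst->bytes, src, sizeof(dst->bytes));
 * Bounded copy: the length comes from the source and is checked against
 * the destination capacity. Returns 0 on success, -1 on a NULL argument
 * or a source larger than the destination.
 */
int name_copy(struct name_buf *dst, const uint8_t *src, size_t src_len)
{
	if (!dst || !src || src_len > sizeof(dst->bytes))
		return -1;
	memcpy(dst->bytes, src, src_len);
	/* Zero the unused tail so no stale bytes remain in the destination. */
	memset(dst->bytes + src_len, 0, sizeof(dst->bytes) - src_len);
	dst->size = (uint16_t)src_len;
	return 0;
}

int main(void)
{
	uint8_t src[SRC_NAME_LEN];   /* constructed sample input */
	struct name_buf dst;

	memset(src, 0xAB, sizeof(src));
	printf("overread with destination-sized copy: %zu bytes\n",
	       overread_bytes(sizeof(src), sizeof(dst.bytes)));
	printf("bounded copy result: %d\n", name_copy(&dst, src, sizeof(src)));
	return 0;
}
```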