TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nvmem: u-boot-env: error if NVMEM device is too small

Browse Source 
commit 8679e8b4a1 upstream.

Verify data size before trying to parse it to avoid reading out of
buffer. This could happen in case of problems at MTD level or invalid DT
bindings.

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Cc: stable <stable@kernel.org>
Fixes: d5542923f2 ("nvmem: add driver handling U-Boot environment variables")
[rmilecki: simplify commit description & rebase]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20240902142510.71096-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
John Thomson
2024-09-02 15:25:08 +01:00
committed by Greg Kroah-Hartman
parent 540ca4c902
commit f78addda7a
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
drivers/nvmem/u-boot-env.c
+7
View File
@@ -176,6 +176,13 @@ static int u_boot_env_parse(struct u_boot_env *priv)
data_offset = offsetof(struct u_boot_env_image_broadcom, data);
break;
}
if (dev_size < data_offset) {
dev_err(dev, "Device too small for u-boot-env\n");
err = -EIO;
goto err_kfree;
}
crc32_addr = (__le32 *)(buf + crc32_offset);
crc32 = le32_to_cpu(*crc32_addr);
crc32_data_len = dev_size - crc32_data_offset;