armbian_build/patch/u-boot/v2024.07/general-btrfs-fix-out-of-bounds-write.patch
Alex 314447dffd
patches: uboot: Improve KASLR support for v2024.07 (#7078)
Reference patch set: https://patchwork.ozlabs.org/project/uboot/list/?series=411513&state=*

Hopefully, other boards using the same uboot-version can benefit from the added support.

**Note for Maintainers - to enable KASLR seed, you need:**
	- `CONFIG_RANDOMIZE_BASE=y` configured in your kernel .config
	- `CONFIG_CMD_KASLRSEED=y` and `CONFIG_DM_RNG=y` configured in your u-boot .config
	- exposed crypto and rng nodes in your board's device-tree
	- `kaslrseed` command before kernel boot in your boot.cmd
	- `CONFIG_SECURITY_DMESG_RESTRICT=y` in kernel .config is also advisable

* KASLR-supported u-boot 2024.07 for everyone:
- move /chosen/kaslr-seed support patchset to general 2024.07 BOOTPATCHDIR
- attach nanopi-r5c and orangepi5-plus BOOTPATCHDIR to patches/uboot/v2024.07 general dir

* u-boot: patch nanopi-r5c-rk3568_defconfig and orangepi-5-plus-rk3588_defconfig to enable KASLR

* rewrite-uboot-patches nanopi-r5c/orangepi5-plus

* patches: uboot: Improve kaslrseed support for v2024.07

---------

Co-authored-by: ColorfulRhino <131405023+ColorfulRhino@users.noreply.github.com>
2024-08-15 20:31:00 +00:00

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Alex Shumsky <alexthreed@gmail.com>
Date: Wed, 19 Jun 2024 00:41:38 +0300
Subject: fs: btrfs: fix out of bounds write
Fix btrfs_read/read_and_truncate_page write out of bounds of destination
buffer. Old behavior breaks bootstd malloc'd buffers of exact file size.
Previously this OOB write has not been noticed because distroboot usually
reads files into huge static memory areas.
Signed-off-by: Alex Shumsky <alexthreed@gmail.com>
Fixes: e342718 ("fs: btrfs: Implement btrfs_file_read()")
Reviewed-by: Qu Wenruo <wqu@suse.com>
---
fs/btrfs/inode.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 111111111111..222222222222 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -640,7 +640,11 @@ static int read_and_truncate_page(struct btrfs_path *path,
extent_type = btrfs_file_extent_type(leaf, fi);
if (extent_type == BTRFS_FILE_EXTENT_INLINE) {
ret = btrfs_read_extent_inline(path, fi, buf);
- memcpy(dest, buf + page_off, min(page_len, ret));
+ if (ret < 0) {
+ free(buf);
+ return ret;
+ }
+ memcpy(dest, buf + page_off, min3(page_len, ret, len));
free(buf);
return len;
}
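Review bot: In the inline-extent branch, `min3(page_len, ret, len)` bounds the copy length by `ret`, but the source pointer is `buf + page_off`, so with a nonzero `page_off` the copy can still take bytes past the `ret` bytes that `btrfs_read_extent_inline()` reported. If `ret` is the count of valid bytes in `buf`, bound the length by `ret - page_off` instead and handle `ret <= page_off` explicitly. The added `ret < 0` check, which frees `buf` before returning, is the right shape and mirrors the `free(buf); return ret;` error path visible in the following hunk.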
@@ -652,7 +656,7 @@ static int read_and_truncate_page(struct btrfs_path *path,
free(buf);
return ret;
}
- memcpy(dest, buf + page_off, page_len);
+ memcpy(dest, buf + page_off, min(page_len, len));
free(buf);
return len;
}
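Review bot: After `memcpy(dest, buf + page_off, min(page_len, len));` the function still does `return len;`, so when `page_len < len` the caller is told `len` bytes were written while only `page_len` were copied. Return the clamped count, or state in a comment above the function that callers never pass a `len` larger than the remainder of the page. Computing the clamped length once into a local would also let this branch and the inline-extent branch share it instead of repeating the `min()` expressions.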
--
Armbian