| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- From 8679e8b4a1ebdb40c4429e49368d29353e07b601 Mon Sep 17 00:00:00 2001
- From: John Thomson <[email protected]>
- Date: Mon, 2 Sep 2024 15:25:08 +0100
- Subject: [PATCH] nvmem: u-boot-env: error if NVMEM device is too small
- MIME-Version: 1.0
- Content-Type: text/plain; charset=UTF-8
- Content-Transfer-Encoding: 8bit
- Verify data size before trying to parse it to avoid reading out of
- buffer. This could happen in case of problems at MTD level or invalid DT
- bindings.
- Signed-off-by: John Thomson <[email protected]>
- Cc: stable <[email protected]>
- Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables")
- [rmilecki: simplify commit description & rebase]
- Signed-off-by: Rafał Miłecki <[email protected]>
- Signed-off-by: Srinivas Kandagatla <[email protected]>
- Link: https://lore.kernel.org/r/[email protected]
- Signed-off-by: Greg Kroah-Hartman <[email protected]>
- ---
- drivers/nvmem/u-boot-env.c | 7 +++++++
- 1 file changed, 7 insertions(+)
- --- a/drivers/nvmem/u-boot-env.c
- +++ b/drivers/nvmem/u-boot-env.c
- @@ -176,6 +176,13 @@ static int u_boot_env_parse(struct u_boo
- data_offset = offsetof(struct u_boot_env_image_broadcom, data);
- break;
- }
- +
- + if (dev_size < data_offset) {
- + dev_err(dev, "Device too small for u-boot-env\n");
- + err = -EIO;
- + goto err_kfree;
- + }
- +
- crc32_addr = (__le32 *)(buf + crc32_offset);
- crc32 = le32_to_cpu(*crc32_addr);
- crc32_data_len = dev_size - crc32_data_offset;
|
