authorLeah Rowe <leah@libreboot.org>2026-03-28 09:12:15 +0000
committerLeah Rowe <leah@libreboot.org>2026-03-28 09:12:15 +0000
commit93ecd26306532dd9b139aaaa25f50444716e35af (patch)
treef7674e9622df58c7712d2f1635c949993bcd4e86 /util/libreboot-utils/lib
parentc4ff9e5763897d4fd206b55f23ddcda5341d3ca1 (diff)
TODO
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'util/libreboot-utils/lib')
-rw-r--r--util/libreboot-utils/lib/file.c13
-rw-r--r--util/libreboot-utils/lib/mkhtemp.c6
2 files changed, 19 insertions, 0 deletions
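--- a/util/libreboot-utils/lib/file.c
+++ b/util/libreboot-utils/lib/file.c
@@ -691,6 +691,10 @@ rootfs(void)
 }
 /* filesystem sandboxing in userspace
+ * TODO:
+ missing length bound check.
+ potential CPU DoS on very long paths, spammed repeatedly.
+ perhaps cap at PATH_LEN?
 */
 int
 fs_resolve_at(int dirfd, const char *path, int flags)
@@ -754,6 +758,15 @@ err:
 return -1;
 }
+/* NOTE:
+ rejects . and .. but not empty strings
+ after normalisation. edge case:
+ //////
+
+ normalised implicitly, but might be good
+ to add a defensive check regardless. code
+ probably not exploitable in current state.
+ */
 int
 fs_next_component(const char **p,
 char *name, size_t namesz)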
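Review bot: The bound proposed in the new TODO above fs_resolve_at names `PATH_LEN`, which is not a standard limit; unless the project defines it, the portable cap is `PATH_MAX` from `<limits.h>`, so the comment should name whichever constant the code will actually use, e.g. ` * perhaps cap at PATH_MAX (<limits.h>)?`. The comment could also say where the check belongs: applied once on entry, before any normalisation or per-component work, since the DoS it describes comes from that work running over an unbounded string, e.g. `if (strnlen(path, PATH_MAX) >= PATH_MAX) { errno = ENAMETOOLONG; return -1; }`. The three comment blocks this commit adds also differ in layout: the mkhtemp.c block prefixes every continuation line with ` * `, while both file.c blocks leave them bare; one form throughout keeps the TODOs greppable. fs_resolve_at's body lies outside the hunk, so whether a length check already exists further down cannot be confirmed from here.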
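--- a/util/libreboot-utils/lib/mkhtemp.c
+++ b/util/libreboot-utils/lib/mkhtemp.c
@@ -821,6 +821,12 @@ err:
 }
 #endif
+/* TODO: potential infinite loop under entropy failure.
+ * e.g. keeps returning low quality RNG, or atacker
+ * has control (DoS attack potential).
+ * possible solution: add a timeout (and abort if
+ * the timeout is reached)
+ */
 int
 mkhtemp_fill_random(char *p, size_t xc)
 {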
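Review bot: The new TODO above mkhtemp_fill_random proposes a wall-clock timeout, but a bounded retry count is the simpler fix for the loop it describes: it is deterministic, needs no clock, and behaves the same under test as in production, so the comment could read ` * possible solution: bound the retries (fixed count) and return -1 with errno set when exhausted`. The comment also misspells `atacker`; it should be `attacker`. It is worth stating in the same comment that an entropy failure must propagate to the caller rather than fall back to a weaker source, since, as the name suggests, the output presumably becomes a temp-file name. mkhtemp_fill_random's body begins at the hunk's last line and continues outside it, so the loop in question is not visible here.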