diff options
Diffstat (limited to 'config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch')
| -rw-r--r-- | config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch b/config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch deleted file mode 100644 index dfc684e1..00000000 --- a/config/coreboot/coreboot413/patches/0001-cbfstool-Make-use-of-spurious-null-termination.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f22f408956bf02609a96b7d72fb3321da159bfc6 Mon Sep 17 00:00:00 2001 -From: Nico Huber <nico.huber@secunet.com> -Date: Tue, 22 Jun 2021 13:49:44 +0000 -Subject: [PATCH 1/1] cbfstool: Make use of spurious null-termination - -The null-termination of `filetypes` was added after the code was -written, obviously resulting in NULL dereferences. As some more -code has grown around the termination, it's hard to revert the -regression, so let's update the code that still used the array -length. - -This fixes commit 7f5f9331d1 (util/cbfstool: fix buffer over-read) -which actually did fix something, but only one path while it broke -two others. We should be careful with fixes, they can always break -something else. Especially when a dumb tool triggered the patching -it seems likely that fewer people looked into related code. - -Change-Id: If2ece1f5ad62952ed2e57769702e318ba5468f0c -Signed-off-by: Nico Huber <nico.huber@secunet.com> -Reviewed-on: https://review.coreboot.org/c/coreboot/+/55763 -Tested-by: build bot (Jenkins) <no-reply@coreboot.org> -Reviewed-by: Julius Werner <jwerner@chromium.org> ---- - util/cbfstool/common.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c -index e2ed38ffc4..539d0baccf 100644 ---- a/util/cbfstool/common.c -+++ b/util/cbfstool/common.c -@@ -168,10 +168,10 @@ void print_supported_architectures(void) - - void print_supported_filetypes(void) - { -- int i, number = ARRAY_SIZE(filetypes); -+ int i; - -- for (i=0; i<number; i++) { -- printf(" %s%c", filetypes[i].name, (i==(number-1))?'\n':','); -+ for (i=0; filetypes[i].name; i++) { -+ printf(" %s%c", filetypes[i].name, filetypes[i + 1].name ? ',' : '\n'); - if ((i%8) == 7) - printf("\n"); - } -@@ -180,7 +180,7 @@ void print_supported_filetypes(void) - uint64_t intfiletype(const char *name) - { - size_t i; -- for (i = 0; i < (sizeof(filetypes) / sizeof(struct typedesc_t)); i++) -+ for (i = 0; filetypes[i].name; i++) - if (strcmp(filetypes[i].name, name) == 0) - return filetypes[i].type; - return -1; --- -2.39.2 - |