From: Stefan Roese <sr@denx.de>
To: "Marek Behún" <kabel@kernel.org>
Cc: u-boot@lists.denx.de, pali@kernel.org,
	"Chris Packham" <judge.packham@gmail.com>,
	"Baruch Siach" <baruch@tkos.co.il>,
	"Dennis Gilmore" <dgilmore@redhat.com>,
	"Mario Six" <mario.six@gdsys.cc>,
	"Jon Nettleton" <jon@solid-run.com>,
	"Marek Behún" <marek.behun@nic.cz>
Subject: Re: [PATCH u-boot-marvell v3 02/39] tools: kwboot: Fix buffer overflow in kwboot_terminal()
Date: Fri, 1 Oct 2021 08:14:10 +0200
Message-ID: <351a5fb5-0924-9908-048a-c6ca7f4a49b6@denx.de>
In-Reply-To: <20210924210716.29752-3-kabel@kernel.org>

On 24.09.21 23:06, Marek Behún wrote:
> From: Marek Behún <marek.behun@nic.cz>
> 
> The `in` variable is set to -1 in kwboot_terminal() if stdin is not a
> tty. In this case we should not look whether -1 is set in fd_set, for it
> can lead to a buffer overflow, which can be reproduced with
>    echo "xyz" | ./tools/kwboot -t /dev/ttyUSB0
> 
> Signed-off-by: Marek Behún <marek.behun@nic.cz>

Reviewed-by: Stefan Roese <sr@denx.de>

Thanks,
Stefan

> ---
>   tools/kwboot.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/kwboot.c b/tools/kwboot.c
> index 7feeaa45a2..e6e99849a7 100644
> --- a/tools/kwboot.c
> +++ b/tools/kwboot.c
> @@ -552,7 +552,7 @@ kwboot_terminal(int tty)
>   				break;
>   		}
>   
> -		if (FD_ISSET(in, &rfds)) {
> +		if (in >= 0 && FD_ISSET(in, &rfds)) {
>   			rc = kwboot_term_pipe(in, tty, quit, &s);
>   			if (rc)
>   				break;
> 
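Review bot: On the `FD_ISSET(in, &rfds)` line the new `in >= 0` test covers only the read of the set; the hunk does not show where `rfds` is populated, so please confirm that the matching FD_SET(in, &rfds) is also skipped when `in` is -1, otherwise the out-of-range access only moves earlier in the loop. The commit message could also state that the overflow is FD_ISSET indexing the fd_set with a negative descriptor, which is what the piped-stdin reproducer reaches through `in` being -1.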


Best regards,
Stefan

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr@denx.de
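
Added example, not part of the original message and not kwboot code: a select() wait with an optional input descriptor, as in the case the commit message describes, where the same range check guards both FD_SET and FD_ISSET. The names wait_readable, fd_in_range, RD_TTY and RD_IN are hypothetical, and a pipe stands in for the tty.

```c
/* Added example, not kwboot code; all names here are hypothetical. */
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

#define RD_TTY 1	/* result bit: tty is readable */
#define RD_IN  2	/* result bit: in is readable */

/* FD_SET/FD_ISSET index a fixed bitmap: only 0..FD_SETSIZE-1 is valid. */
static int fd_in_range(int fd)
{
	return fd >= 0 && fd < FD_SETSIZE;
}

/* Wait for tty and, if usable, in (-1 = no input); RD_* mask, 0 = timeout, -1 = error. */
int wait_readable(int tty, int in, int timeout_ms)
{
	struct timeval tv = { .tv_sec = timeout_ms / 1000,
			      .tv_usec = (timeout_ms % 1000) * 1000 };
	fd_set rfds;
	int nfds = tty, mask = 0;

	if (!fd_in_range(tty))
		return -1;
	FD_ZERO(&rfds);
	FD_SET(tty, &rfds);
	if (fd_in_range(in)) {		/* never FD_SET(-1, ...) */
		FD_SET(in, &rfds);
		if (in > nfds)
			nfds = in;
	}
	if (select(nfds + 1, &rfds, NULL, NULL, &tv) < 0)
		return -1;

	if (FD_ISSET(tty, &rfds))
		mask |= RD_TTY;
	if (fd_in_range(in) && FD_ISSET(in, &rfds))	/* same guard on the test */
		mask |= RD_IN;
	return mask;
}

int main(void)
{
	int p[2];

	if (pipe(p) < 0 || write(p[1], "x", 1) != 1)
		return 1;
	printf("in = -1, tty readable -> mask %d\n", wait_readable(p[0], -1, 100));
	return 0;
}
```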
