diff options
author | John Thomson <git@johnthomson.fastmail.com.au> | 2024-09-02 16:25:08 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-09-03 12:20:38 +0200 |
commit | 8679e8b4a1ebdb40c4429e49368d29353e07b601 (patch) | |
tree | 0f2a909dfe910be115e372ff64c1744af5ca53ab | |
parent | misc: fastrpc: Fix double free of 'buf' in error path (diff) | |
download | linux-8679e8b4a1ebdb40c4429e49368d29353e07b601.tar.xz linux-8679e8b4a1ebdb40c4429e49368d29353e07b601.zip |
nvmem: u-boot-env: error if NVMEM device is too small
Verify data size before trying to parse it to avoid reading out of
buffer. This could happen in case of problems at MTD level or invalid DT
bindings.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Cc: stable <stable@kernel.org>
Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables")
[rmilecki: simplify commit description & rebase]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20240902142510.71096-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | drivers/nvmem/u-boot-env.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/nvmem/u-boot-env.c b/drivers/nvmem/u-boot-env.c index 936e39b20b38..593f0bf4a395 100644 --- a/drivers/nvmem/u-boot-env.c +++ b/drivers/nvmem/u-boot-env.c @@ -176,6 +176,13 @@ static int u_boot_env_parse(struct u_boot_env *priv) data_offset = offsetof(struct u_boot_env_image_broadcom, data); break; } + + if (dev_size < data_offset) { + dev_err(dev, "Device too small for u-boot-env\n"); + err = -EIO; + goto err_kfree; + } + crc32_addr = (__le32 *)(buf + crc32_offset); crc32 = le32_to_cpu(*crc32_addr); crc32_data_len = dev_size - crc32_data_offset; |