summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Thomson <git@johnthomson.fastmail.com.au>2024-09-02 16:25:08 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-09-03 12:20:38 +0200
commit8679e8b4a1ebdb40c4429e49368d29353e07b601 (patch)
tree0f2a909dfe910be115e372ff64c1744af5ca53ab
parentmisc: fastrpc: Fix double free of 'buf' in error path (diff)
downloadlinux-8679e8b4a1ebdb40c4429e49368d29353e07b601.tar.xz
linux-8679e8b4a1ebdb40c4429e49368d29353e07b601.zip
nvmem: u-boot-env: error if NVMEM device is too small
Verify data size before trying to parse it to avoid reading out of buffer. This could happen in case of problems at MTD level or invalid DT bindings. Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au> Cc: stable <stable@kernel.org> Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables") [rmilecki: simplify commit description & rebase] Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Link: https://lore.kernel.org/r/20240902142510.71096-2-srinivas.kandagatla@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--drivers/nvmem/u-boot-env.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/nvmem/u-boot-env.c b/drivers/nvmem/u-boot-env.c
index 936e39b20b38..593f0bf4a395 100644
--- a/drivers/nvmem/u-boot-env.c
+++ b/drivers/nvmem/u-boot-env.c
@@ -176,6 +176,13 @@ static int u_boot_env_parse(struct u_boot_env *priv)
data_offset = offsetof(struct u_boot_env_image_broadcom, data);
break;
}
+
+ if (dev_size < data_offset) {
+ dev_err(dev, "Device too small for u-boot-env\n");
+ err = -EIO;
+ goto err_kfree;
+ }
+
crc32_addr = (__le32 *)(buf + crc32_offset);
crc32 = le32_to_cpu(*crc32_addr);
crc32_data_len = dev_size - crc32_data_offset;