diff options
| author | Nico Huber <nico.h@gmx.de> | 2024-01-11 18:59:24 +0100 |
|---|---|---|
| committer | Felix Held <felix-coreboot@felixheld.de> | 2024-08-11 17:07:32 +0000 |
| commit | af0d4bce65df277b56e495892dff1c712ed76ddd (patch) | |
| tree | 73aef7f8fb6301f0af8e08e3f7f78823d0ebdfe6 /util/cbfstool/cse_serger.c | |
| parent | 0e9830884c118735ad0122c81156473d91f57cf1 (diff) | |
region: Introduce region_create() functions
We introduce two new functions to create region objects. They allow us
to check for integer overflows (region_create_untrusted()) or assert
their absence (region_create()).
This fixes potential overflows in region_overlap() checks in SMI
handlers, where we would wrongfully report MMIO as *not* overlapping
SMRAM.
Also, two cases of strtol() in parse_region() (cbfstool), where the
results were implicitly converted to `size_t`, are replaced with the
unsigned strtoul().
FIT payload support is left out, as it doesn't use the region API
(only the struct).
Change-Id: I4ae3e6274c981c9ab4fb1263c2a72fa68ef1c32b
Ticket: https://ticket.coreboot.org/issues/522
Found-by: Vadim Zaliva <lord@digamma.ai>
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/79905
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
Diffstat (limited to 'util/cbfstool/cse_serger.c')
| -rw-r--r-- | util/cbfstool/cse_serger.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/util/cbfstool/cse_serger.c b/util/cbfstool/cse_serger.c index f53b3904af..006a01e9be 100644 --- a/util/cbfstool/cse_serger.c +++ b/util/cbfstool/cse_serger.c @@ -820,15 +820,22 @@ static int cmd_add(void) return 0; } -static void parse_region(struct region *r, char *arg) +static int parse_region(struct region *r, char *arg) { char *tok; tok = strtok(arg, ":"); - r->offset = strtol(tok, NULL, 0); + unsigned long offset = strtoul(tok, NULL, 0); tok = strtok(NULL, ":"); - r->size = strtol(tok, NULL, 0); + unsigned long size = strtoul(tok, NULL, 0); + + if (region_create_untrusted(r, offset, size) != CB_SUCCESS) { + ERROR("Invalid region: %lx:%lx\n", offset, size); + return -1; + } + + return 0; } static struct command { @@ -991,19 +998,24 @@ int main(int argc, char **argv) params.partition_type = atoi(optarg); break; case LONGOPT_BP1: - parse_region(¶ms.layout_regions[BP1], optarg); + if (parse_region(¶ms.layout_regions[BP1], optarg)) + return 1; break; case LONGOPT_BP2: - parse_region(¶ms.layout_regions[BP2], optarg); + if (parse_region(¶ms.layout_regions[BP2], optarg)) + return 1; break; case LONGOPT_BP3: - parse_region(¶ms.layout_regions[BP3], optarg); + if (parse_region(¶ms.layout_regions[BP3], optarg)) + return 1; break; case LONGOPT_BP4: - parse_region(¶ms.layout_regions[BP4], optarg); + if (parse_region(¶ms.layout_regions[BP4], optarg)) + return 1; break; case LONGOPT_DATA: - parse_region(¶ms.layout_regions[DP], optarg); + if (parse_region(¶ms.layout_regions[DP], optarg)) + return 1; break; case LONGOPT_BP1_FILE: params.layout_files[BP1] = optarg; |