[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] device_tree: check device tree blob file size
|
From: |
P J P |
|
Subject: |
Re: [Qemu-devel] [PATCH] device_tree: check device tree blob file size |
|
Date: |
Fri, 22 Mar 2019 15:40:50 +0530 (IST) |
+-- On Fri, 22 Mar 2019, Peter Maydell wrote --+
| This document is specific to aarch64, but the part of
| QEMU's device tree code being modified here is
| architecture independent.
|
| Cc'ing David Gibson who will probably know if there is
| an architecture-independent limit on DTB size we should
| be enforcing, or whether we are better just to have a check
| that avoids the overflow.
Thank you for CC'ing David. It seems Agraf did not receive email @suse.de.
Current limit defined by FDT_MAX_SIZE is ~1MB.
device_tree.c:
#define FDT_MAX_SIZE 0x100000
| It's also worth noting in the commit message that this is
| not a security problem -- even if the "add 10000 and double"
| calculation overflows, the load_image_size() function will
| not load more data into the buffer than will fit, so the
| behaviour will be to truncate the DTB.
True, load_image_size() helps to avoid buffer overflow issue.
Proposed check (dt_size > FDT_MAX_SIZE) in this patch is to enforce same size
limit as used in create_device_tree() and avoid loading large files and the
said integer overflow.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F