70d420f205fb63f33842e88f5f0e7e3351c78884
[openwrt/staging/xback.git] /
1 From 8679e8b4a1ebdb40c4429e49368d29353e07b601 Mon Sep 17 00:00:00 2001
2 From: John Thomson <git@johnthomson.fastmail.com.au>
3 Date: Mon, 2 Sep 2024 15:25:08 +0100
4 Subject: [PATCH] nvmem: u-boot-env: error if NVMEM device is too small
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 Verify data size before trying to parse it to avoid reading out of
10 buffer. This could happen in case of problems at MTD level or invalid DT
11 bindings.
12
13 Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
14 Cc: stable <stable@kernel.org>
15 Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables")
16 [rmilecki: simplify commit description & rebase]
17 Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
18 Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
19 Link: https://lore.kernel.org/r/20240902142510.71096-2-srinivas.kandagatla@linaro.org
20 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
21 ---
22 drivers/nvmem/u-boot-env.c | 7 +++++++
23 1 file changed, 7 insertions(+)
24
25 --- a/drivers/nvmem/u-boot-env.c
26 +++ b/drivers/nvmem/u-boot-env.c
27 @@ -176,6 +176,13 @@ static int u_boot_env_parse(struct u_boo
28 data_offset = offsetof(struct u_boot_env_image_broadcom, data);
29 break;
30 }
31 +
32 + if (dev_size < data_offset) {
33 + dev_err(dev, "Device too small for u-boot-env\n");
34 + err = -EIO;
35 + goto err_kfree;
36 + }
37 +
38 crc32_addr = (__le32 *)(buf + crc32_offset);
39 crc32 = le32_to_cpu(*crc32_addr);
40 crc32_data_len = dev_size - crc32_data_offset;