Re: [PATCH 03/12] libfdt: Safer access to strings section




Hi David,

On 26 March 2018 at 07:25, David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> wrote:
> fdt_string() is used to retrieve strings from a DT blob's strings section.
> It's rarely used directly, but is widely used internally.
>
> However, it doesn't do any bounds checking, which means in the case of a
> corrupted blob it could access bad memory, which libfdt is supposed to
> avoid.
>
> This writes a safe alternative to fdt_string, fdt_get_string().  It checks
> both that the given offset is within the string section and that the string
> it points to is properly \0 terminated within the section.  It also returns
> the string's length as a convenience (since it needs to determine it to do
> the checks anyway).
>
> fdt_string() is rewritten in terms of fdt_get_string() for compatibility.
>
> Most of the diff here is actually testing infrastructure.
>
> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> ---
>  libfdt/fdt_ro.c          | 61 +++++++++++++++++++++++++++++++++++--
>  libfdt/libfdt.h          | 18 ++++++++++-
>  libfdt/version.lds       |  2 +-
>  tests/.gitignore         |  1 +
>  tests/Makefile.tests     |  2 +-
>  tests/run_tests.sh       |  1 +
>  tests/testdata.h         |  1 +
>  tests/testutils.c        | 11 +++++--
>  tests/trees.S            | 26 ++++++++++++++++
>  tests/truncated_string.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
>  10 files changed, 193 insertions(+), 9 deletions(-)
>  create mode 100644 tests/truncated_string.c

Similar code-size question here. It looks like a lot of checking code.
Can we have an option to remove it?

>
> diff --git a/libfdt/fdt_ro.c b/libfdt/fdt_ro.c
> index 4f4ef44..347aa7b 100644
> --- a/libfdt/fdt_ro.c
> +++ b/libfdt/fdt_ro.c
> @@ -76,17 +76,72 @@ static int fdt_nodename_eq_(const void *fdt, int offset,
>                 return 0;
>  }
>
> +const char *fdt_get_string(const void *fdt, int stroffset, int *lenp)
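Review bot: the fdt_get_string() definition on the last line of this hunk lands without a comment, and nothing in the name says how it differs from fdt_string(). Add a short comment above it stating the two checks the commit message describes (offset within the strings section, \0 terminator within the section), that *lenp receives the string's length on success, and what the caller sees on failure, so the distinction between the checked and the legacy accessor is clear at the definition.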

Comment? The difference between fdt_get_string() and fdt_string() is
not obvious from the name.

Regards,
Simon
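The checks the commit message describes, as an added example that is not libfdt's code and not part of this thread: a minimal strings-section lookup in the shape of fdt_string(), beside a bounds-checked counterpart that rejects offsets outside the section and strings that run off its end. The struct and function names, and the strings blob (constructed inline, with its trailing NUL deliberately cut off to model a truncated section), are assumptions made for the example.

```c
/* Added example, not libfdt code. A strings section is modelled as a byte
 * buffer of NUL-terminated strings addressed by byte offset; the names here
 * (strings_section, string_unchecked, string_checked) are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct strings_section {
    const char *base;   /* start of the strings section */
    size_t size;        /* bytes the section actually covers */
};

/* Unchecked lookup, the shape of a fdt_string()-style accessor: whatever
 * offset a (possibly corrupt) blob supplies is dereferenced as a string. */
static const char *string_unchecked(const struct strings_section *s, int off)
{
    return s->base + off;
}

/* Checked lookup: the offset must lie inside the section and the string
 * must hit a NUL before the section ends. Returns NULL otherwise; on
 * success *lenp (if non-NULL) receives the string length. */
static const char *string_checked(const struct strings_section *s, int off,
                                  int *lenp)
{
    const char *p, *nul;

    if (off < 0 || (size_t)off >= s->size)
        return NULL;                        /* offset outside the section */
    p = s->base + off;
    nul = memchr(p, '\0', s->size - (size_t)off);
    if (!nul)
        return NULL;                        /* no terminator before the end */
    if (lenp)
        *lenp = (int)(nul - p);
    return p;
}

/* Constructed sample: three strings, but size is set to sizeof - 1 so the
 * final string "reg" has no terminator inside the section (truncation). */
static const char blob[] = "compatible\0#address-cells\0reg";
static const struct strings_section example = { blob, sizeof(blob) - 1 };

/* Wrappers over the sample section: length on success, -1 on rejection. */
static int example_len(int off)
{
    int len = -1;
    return string_checked(&example, off, &len) ? len : -1;
}

/* 1 if the checked lookup succeeds and yields exactly expected, else 0.
 * strcmp is safe here because a successful lookup guarantees a NUL
 * inside the section. */
static int example_is(int off, const char *expected)
{
    int len;
    const char *s = string_checked(&example, off, &len);
    return s && strcmp(s, expected) == 0;
}

int main(void)
{
    int len;
    const char *s;

    /* Well-formed offsets behave like the unchecked accessor. */
    s = string_checked(&example, 11, &len);
    printf("checked   11 -> %s (len %d)\n", s, len);
    printf("unchecked 11 -> %s\n", string_unchecked(&example, 11));

    /* Offsets a corrupt blob might carry: out of range, and a string that
     * runs off the end of the section. The unchecked form is not called
     * with these, since that is exactly the bad memory access being avoided. */
    printf("checked   26 -> %s\n", string_checked(&example, 26, NULL)
                                   ? "ok" : "rejected (unterminated)");
    printf("checked 1<<30 -> %s\n", string_checked(&example, 1 << 30, NULL)
                                   ? "ok" : "rejected (out of range)");
    return 0;
}
```

An offset into the middle of an existing string (3 here, giving "patible") is accepted: the check is about staying inside the section and finding a terminator, not about offsets landing on string starts.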