cbfstool: Fix CBFS header buffer overflow

In the unlikely but possible event where the name of the CBFS file is
longer than 232 characters, `cbfs_create_file_header()' would overflow
the buffer it allocated when it copies the CBFS filename.

Change-Id: If1825b5af21f7a20ce2a7ccb2d45b195c2fb67b0
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/78500
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Eric Lai <ericllai@google.com>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Jeremy Compostella
2023-10-23 13:00:33 -07:00
committed by Matt DeVillier
parent 3e57c57480
commit 66df100930
2 changed files with 30 additions and 12 deletions


@@ -650,6 +650,8 @@ static int cbfs_add_integer_component(const char *name,
header = cbfs_create_file_header(CBFS_TYPE_RAW,
buffer.size, name);
if (!header)
goto done;
enum vb2_hash_algorithm algo = get_mh_cache()->cbfs_hash.algo;
if (algo != VB2_HASH_INVALID)
@@ -774,6 +776,8 @@ static int cbfs_add_master_header(void)
/* Never add a hash attribute to the master header. */
header = cbfs_create_file_header(CBFS_TYPE_CBFSHEADER,
buffer_size(&buffer), name);
if (!header)
goto done;
if (cbfs_add_entry(&image, &buffer, 0, header, 0) != 0) {
ERROR("Failed to add cbfs master header into ROM image.\n");
goto done;
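Review bot: The new `if (!header) goto done;` in cbfs_add_master_header bails out without a diagnostic, whereas the cbfs_add_entry failure directly below it reports through ERROR(). Unless cbfs_create_file_header() already logs the over-long name (its body is not part of this hunk), a rejected name shows up only as a failing exit with no stated reason. Adding a line such as `ERROR("Failed to create CBFS file header for '%s'.\n", name);` before the goto would keep the overflow guard visible to whoever runs the tool. The same applies to the checks added in cbfs_add_integer_component and cbfs_add_component. The function body continues outside the hunk, so it is also worth confirming that `done` is reached with the return value still set to failure.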
@@ -915,6 +919,8 @@ static int cbfs_add_component(const char *filename,
struct cbfs_file *header =
cbfs_create_file_header(param.type, buffer.size, name);
if (!header)
goto error;
/* Bootblock and CBFS header should never have file hashes. When adding
the bootblock it is important that we *don't* look up the metadata