• Sandrine Bailleux's avatar
    Fix integer overflows in BL1 FWU code · 949a52d2
    Sandrine Bailleux authored
    
    
    Before adding a base address and a size to compute the end
    address of an image to copy or authenticate, check this
    won't result in an integer overflow. If it does then consider
    the input arguments are invalid.
    
    As a result, bl1_plat_mem_check() can now safely assume the
    end address (computed as the sum of the base address and size
    of the memory region) doesn't overflow, as the validation is
    done upfront in bl1_fwu_image_copy/auth(). A debug assertion
    has been added nonetheless in the ARM implementation in order
    to help catching such problems, should bl1_plat_mem_check()
    be called in a different context in the future.
    
    Fixes TFV-1: Malformed Firmware Update SMC can result in copy
    of unexpectedly large data into secure memory
    
    Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
    Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
    Signed-off-by: default avatarDan Handley <dan.handley@arm.com>
    949a52d2
arm_bl1_fwu.c 3.44 KB