Files · 949a52d24eea48a58608645b6536ab7158abcbbb · adam.huang / Arm Trusted Firmware

Sandrine Bailleux authored 8 years ago

Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.

As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.

Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory

Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>

949a52d2

Name	Last commit	Last update
bl1	Fix integer overflows in BL1 FWU code	8 years ago
bl2	Define and use no_ret macro where no return is expected	8 years ago
bl2u	Define and use no_ret macro where no return is expected	8 years ago
bl31	Define and use no_ret macro where no return is expected	8 years ago
bl32	Merge pull request #775 from soby-mathew/sm/AArch32_stack_align	8 years ago
common	Export is_mem_free() function	8 years ago
docs	Merge pull request #785 from dp-arm/dp/nvcounter	8 years ago
drivers	tbbr: Fix updating of Non-Trusted NV counter	8 years ago
fdts	Fix incorrect copyright notices	8 years ago
include	Export is_mem_free() function	8 years ago
lib	Merge pull request #779 from dp-arm/dp/rtinstr-cache	8 years ago
make_helpers	Fix incorrect copyright notices	8 years ago
plat	Fix integer overflows in BL1 FWU code	8 years ago
services	Check Trusty is present during the SPD's initialization	8 years ago
tools	fiptool: Provide malloc/strdup wrappers to simplify error checking	8 years ago
.checkpatch.conf	Mandate 'Signed-off-by' line in commit messages	8 years ago
.gitignore	.gitignore: ignore editor backup files	8 years ago
Makefile	Enable TRUSTED_BOARD_BOOT support for LOAD_IMAGE_V2=1	8 years ago
acknowledgements.md	Add Xilinx to acknowledgements file	9 years ago
contributing.md	Drop requirement for CLA in contribution.md	8 years ago
dco.txt	Drop requirement for CLA in contribution.md	8 years ago
license.md	Update year in copyright text to 2014	11 years ago
readme.md	readme.md: Add tested Linaro release information for FVPs	8 years ago

readme.md

GitLab

Menu

Download source code