Fix integer overflows in BL1 FWU code

Fork: 0

LuminaSensum / arm-trusted-firmware

Browse code Fix integer overflows in BL1 FWU code Before adding a base address and a size to compute the end address of an image to copy or authenticate, check this won't result in an integer overflow. If it does then consider the input arguments are invalid. As a result, bl1_plat_mem_check() can now safely assume the end address (computed as the sum of the base address and size of the memory region) doesn't overflow, as the validation is done upfront in bl1_fwu_image_copy/auth(). A debug assertion has been added nonetheless in the ARM implementation in order to help catching such problems, should bl1_plat_mem_check() be called in a different context in the future. Fixes TFV-1: Malformed Firmware Update SMC can result in copy of unexpectedly large data into secure memory Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Signed-off-by: Dan Handley <dan.handley@arm.com> WIP_v2.3-LS master v2.2-LS v2.4-LS v2.3-rc2 v2.3-rc1 v2.3-rc0 v2.3 v2.2-rc2 v2.2-rc1 v2.2-rc0 v2.2 v2.1-rc1 v2.1-rc0 v2.1 v2.0-rc0 v2.0 v1.6-rc1 v1.6-rc0 v1.6 v1.5-rc3 v1.5-rc2 v1.5-rc1 v1.5-rc0 v1.5 v1.4-rc0 v1.4
1 parent 1bfb706 commit 949a52d24eea48a58608645b6536ab7158abcbbb Sandrine Bailleux authored on 11 Nov 2016 Dan Handley committed on 20 Dec 2016

Browse code

Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.

As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.

Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory

Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>

WIP_v2.3-LS master v2.2-LS v2.4-LS v2.3-rc2 v2.3-rc1 v2.3-rc0 v2.3 v2.2-rc2 v2.2-rc1 v2.2-rc0 v2.2 v2.1-rc1 v2.1-rc0 v2.1 v2.0-rc0 v2.0 v1.6-rc1 v1.6-rc0 v1.6 v1.5-rc3 v1.5-rc2 v1.5-rc1 v1.5-rc0 v1.5 v1.4-rc0 v1.4

1 parent 1bfb706 commit 949a52d24eea48a58608645b6536ab7158abcbbb

Sandrine Bailleux authored on 11 Nov 2016

Dan Handley committed on 20 Dec 2016

Patch

Unified Split

Showing 2 changed files

Ignore Space Show notes View bl1/bl1_fwu.c

Ignore Space Show notes View plat/arm/common/arm_bl1_fwu.c

Show line notes below