libretro/Lakka-LibreELEC
0
0
Fork 1
mirror of https://github.com/libretro/Lakka-LibreELEC.git synced 2025-03-05 22:14:35 +00:00
Code Issues
Lakka-LibreELEC/projects/Amlogic/patches/u-boot/u-boot-0005-FROMGIT-board-amlogic-fix-buffler-overflow-in-serial.patch
Christian Hewitt d7ea2b2184 u-boot: update Amlogic patches to fix Odroid N2 boot 
Signed-off-by: Christian Hewitt <christianshewitt@gmail.com>
2024-06-27 10:59:49 +00:00

270 lines
8.3 KiB
Diff
Raw Permalink Blame History

From 5feaed938c81cff592dbb7843fecba98a24ed105 Mon Sep 17 00:00:00 2001
From: Neil Armstrong <neil.armstrong@linaro.org>
Date: Wed, 20 Mar 2024 09:46:11 +0100
Subject: [PATCH 5/7] FROMGIT: board: amlogic: fix buffler overflow in serial,
mac & usid read
While meson_sm_read_efuse() doesn't overflow, the string is not
zero terminated and env_set*() will buffer overflow and add random
characters to environment.
Acked-by: Viacheslav Bocharov <adeep@lexina.in>
Link: https://lore.kernel.org/r/20240320-u-boot-fix-p200-serial-v2-1-972be646a301@linaro.org
Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
---
board/amlogic/beelink-s922x/beelink-s922x.c | 3 ++-
board/amlogic/jethub-j100/jethub-j100.c | 3 ++-
board/amlogic/jethub-j80/jethub-j80.c | 9 ++++++---
board/amlogic/odroid-n2/odroid-n2.c | 3 ++-
board/amlogic/p200/p200.c | 6 ++++--
board/amlogic/p201/p201.c | 6 ++++--
board/amlogic/p212/p212.c | 6 ++++--
board/amlogic/q200/q200.c | 6 ++++--
board/amlogic/vim3/vim3.c | 3 ++-
9 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/board/amlogic/beelink-s922x/beelink-s922x.c b/board/amlogic/beelink-s922x/beelink-s922x.c
index adae27fc7e7..c2776310a3d 100644
--- a/board/amlogic/beelink-s922x/beelink-s922x.c
+++ b/board/amlogic/beelink-s922x/beelink-s922x.c
@@ -20,7 +20,7 @@
int misc_init_r(void)
{
- u8 mac_addr[MAC_ADDR_LEN];
+ u8 mac_addr[MAC_ADDR_LEN + 1];
char efuse_mac_addr[EFUSE_MAC_SIZE], tmp[3];
ssize_t len;
@@ -41,6 +41,7 @@ int misc_init_r(void)
tmp[2] = '\0';
mac_addr[i] = hextoul(tmp, NULL);
}
+ mac_addr[MAC_ADDR_LEN] = '\0';
if (is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
diff --git a/board/amlogic/jethub-j100/jethub-j100.c b/board/amlogic/jethub-j100/jethub-j100.c
index 6a2c4ad4c3c..010fc0df7d1 100644
--- a/board/amlogic/jethub-j100/jethub-j100.c
+++ b/board/amlogic/jethub-j100/jethub-j100.c
@@ -17,7 +17,7 @@
int misc_init_r(void)
{
- u8 mac_addr[ARP_HLEN];
+ u8 mac_addr[ARP_HLEN + 1];
char serial[SM_SERIAL_SIZE];
u32 sid;
@@ -34,6 +34,7 @@ int misc_init_r(void)
mac_addr[3] = (sid >> 16) & 0xff;
mac_addr[4] = (sid >> 8) & 0xff;
mac_addr[5] = (sid >> 0) & 0xff;
+ mac_addr[ARP_HLEN] = '\0';
eth_env_set_enetaddr("ethaddr", mac_addr);
}
diff --git a/board/amlogic/jethub-j80/jethub-j80.c b/board/amlogic/jethub-j80/jethub-j80.c
index 185880de139..0b781666e98 100644
--- a/board/amlogic/jethub-j80/jethub-j80.c
+++ b/board/amlogic/jethub-j80/jethub-j80.c
@@ -27,9 +27,9 @@
int misc_init_r(void)
{
- u8 mac_addr[EFUSE_MAC_SIZE];
- char serial[EFUSE_SN_SIZE];
- char usid[EFUSE_USID_SIZE];
+ u8 mac_addr[EFUSE_MAC_SIZE + 1];
+ char serial[EFUSE_SN_SIZE + 1];
+ char usid[EFUSE_USID_SIZE + 1];
ssize_t len;
unsigned int adcval;
int ret;
@@ -37,6 +37,7 @@ int misc_init_r(void)
if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
mac_addr, EFUSE_MAC_SIZE);
+ mac_addr[len] = '\0';
if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
else
@@ -46,6 +47,7 @@ int misc_init_r(void)
if (!env_get("serial")) {
len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
EFUSE_SN_SIZE);
+ serial[len] = '\0';
if (len == EFUSE_SN_SIZE)
env_set("serial", serial);
}
@@ -53,6 +55,7 @@ int misc_init_r(void)
if (!env_get("usid")) {
len = meson_sm_read_efuse(EFUSE_USID_OFFSET, usid,
EFUSE_USID_SIZE);
+ usid[len] = '\0';
if (len == EFUSE_USID_SIZE)
env_set("usid", usid);
}
diff --git a/board/amlogic/odroid-n2/odroid-n2.c b/board/amlogic/odroid-n2/odroid-n2.c
index ec1f4efc113..f840afbfd67 100644
--- a/board/amlogic/odroid-n2/odroid-n2.c
+++ b/board/amlogic/odroid-n2/odroid-n2.c
@@ -107,7 +107,7 @@ static int odroid_detect_variant(void)
int misc_init_r(void)
{
- u8 mac_addr[MAC_ADDR_LEN];
+ u8 mac_addr[MAC_ADDR_LEN + 1];
char efuse_mac_addr[EFUSE_MAC_SIZE], tmp[3];
ssize_t len;
@@ -128,6 +128,7 @@ int misc_init_r(void)
tmp[2] = '\0';
mac_addr[i] = hextoul(tmp, NULL);
}
+ mac_addr[MAC_ADDR_LEN] = '\0';
if (is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
diff --git a/board/amlogic/p200/p200.c b/board/amlogic/p200/p200.c
index 7c432f9d281..769e2735d27 100644
--- a/board/amlogic/p200/p200.c
+++ b/board/amlogic/p200/p200.c
@@ -21,13 +21,14 @@
int misc_init_r(void)
{
- u8 mac_addr[EFUSE_MAC_SIZE];
- char serial[EFUSE_SN_SIZE];
+ u8 mac_addr[EFUSE_MAC_SIZE + 1];
+ char serial[EFUSE_SN_SIZE + 1];
ssize_t len;
if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
mac_addr, EFUSE_MAC_SIZE);
+ mac_addr[len] = '\0';
if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
}
@@ -35,6 +36,7 @@ int misc_init_r(void)
if (!env_get("serial#")) {
len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
EFUSE_SN_SIZE);
+ serial[len] = '\0';
if (len == EFUSE_SN_SIZE)
env_set("serial#", serial);
}
diff --git a/board/amlogic/p201/p201.c b/board/amlogic/p201/p201.c
index 7c432f9d281..769e2735d27 100644
--- a/board/amlogic/p201/p201.c
+++ b/board/amlogic/p201/p201.c
@@ -21,13 +21,14 @@
int misc_init_r(void)
{
- u8 mac_addr[EFUSE_MAC_SIZE];
- char serial[EFUSE_SN_SIZE];
+ u8 mac_addr[EFUSE_MAC_SIZE + 1];
+ char serial[EFUSE_SN_SIZE + 1];
ssize_t len;
if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
mac_addr, EFUSE_MAC_SIZE);
+ mac_addr[len] = '\0';
if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
}
@@ -35,6 +36,7 @@ int misc_init_r(void)
if (!env_get("serial#")) {
len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
EFUSE_SN_SIZE);
+ serial[len] = '\0';
if (len == EFUSE_SN_SIZE)
env_set("serial#", serial);
}
diff --git a/board/amlogic/p212/p212.c b/board/amlogic/p212/p212.c
index fcef90bce56..f6e60ae3af1 100644
--- a/board/amlogic/p212/p212.c
+++ b/board/amlogic/p212/p212.c
@@ -22,13 +22,14 @@
int misc_init_r(void)
{
- u8 mac_addr[EFUSE_MAC_SIZE];
- char serial[EFUSE_SN_SIZE];
+ u8 mac_addr[EFUSE_MAC_SIZE + 1];
+ char serial[EFUSE_SN_SIZE + 1];
ssize_t len;
if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
mac_addr, EFUSE_MAC_SIZE);
+ mac_addr[len] = '\0';
if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
else
@@ -38,6 +39,7 @@ int misc_init_r(void)
if (!env_get("serial#")) {
len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
EFUSE_SN_SIZE);
+ serial[len] = '\0';
if (len == EFUSE_SN_SIZE)
env_set("serial#", serial);
}
diff --git a/board/amlogic/q200/q200.c b/board/amlogic/q200/q200.c
index 3aa6d8f200e..47f1566a9d3 100644
--- a/board/amlogic/q200/q200.c
+++ b/board/amlogic/q200/q200.c
@@ -22,13 +22,14 @@
int misc_init_r(void)
{
- u8 mac_addr[EFUSE_MAC_SIZE];
- char serial[EFUSE_SN_SIZE];
+ u8 mac_addr[EFUSE_MAC_SIZE + 1];
+ char serial[EFUSE_SN_SIZE + 1];
ssize_t len;
if (!eth_env_get_enetaddr("ethaddr", mac_addr)) {
len = meson_sm_read_efuse(EFUSE_MAC_OFFSET,
mac_addr, EFUSE_MAC_SIZE);
+ mac_addr[len] = '\0';
if (len == EFUSE_MAC_SIZE && is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
else
@@ -38,6 +39,7 @@ int misc_init_r(void)
if (!env_get("serial#")) {
len = meson_sm_read_efuse(EFUSE_SN_OFFSET, serial,
EFUSE_SN_SIZE);
+ serial[len] = '\0';
if (len == EFUSE_SN_SIZE)
env_set("serial#", serial);
}
diff --git a/board/amlogic/vim3/vim3.c b/board/amlogic/vim3/vim3.c
index 8bdfb302f72..43d7a8e84f6 100644
--- a/board/amlogic/vim3/vim3.c
+++ b/board/amlogic/vim3/vim3.c
@@ -151,7 +151,7 @@ int meson_ft_board_setup(void *blob, struct bd_info *bd)
int misc_init_r(void)
{
- u8 mac_addr[MAC_ADDR_LEN];
+ u8 mac_addr[MAC_ADDR_LEN + 1];
char efuse_mac_addr[EFUSE_MAC_SIZE], tmp[3];
char serial_string[EFUSE_MAC_SIZE + 1];
ssize_t len;
@@ -169,6 +169,7 @@ int misc_init_r(void)
tmp[2] = '\0';
mac_addr[i] = hextoul(tmp, NULL);
}
+ mac_addr[MAC_ADDR_LEN] = '\0';
if (is_valid_ethaddr(mac_addr))
eth_env_set_enetaddr("ethaddr", mac_addr);
--
2.34.1
View Git Blame Copy Permalink