Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-15 00:54:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

DebugFS: Check channel index before calling clone function

Browse source 
To avoid a potential out-of-bounds access, check whether
a device exists on a channel before calling the corresponding
clone function.

Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: Ia0dd66b331d3fa8a33109a02369e1bc9ae0fdd5b
This commit is contained in:
Zelalem 2020-12-18 11:02:25 -06:00 committed by Zelalem Aweke
parent d194afa71b
commit b226c74737
2 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/debugfs/dev.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, Arm Limited. All rights reserved.
* Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -333,6 +333,10 @@ noent:
******************************************************************************/
chan_t *clone(chan_t *c, chan_t *nc)
{
if (c->index == NODEV) {
return NULL;
}
return devtab[c->index]->clone(c, nc);
}

11
lib/debugfs/devfip.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019-2020, Arm Limited. All rights reserved.
* Copyright (c) 2019-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -129,7 +129,10 @@ static int fipgen(chan_t *c, const dirtab_t *tab, int ntab, int n, dir_t *dir)
panic();
}
clone(archives[c->dev].c, &nc);
if (clone(archives[c->dev].c, &nc) == NULL) {
panic();
}
fip = &archives[nc.dev];
off = STOC_HEADER;
@ -202,7 +205,9 @@ static int fipread(chan_t *c, void *buf, int n)
panic();
}
clone(fip->c, &cs);
if (clone(fip->c, &cs) == NULL) {
panic();
}
size = fip->size[c->qid];
if (c->offset >= size) {