arm-trusted-firmware/tools
Jaiprakash Singh fbf6555790 fix(tools): change data type to size_t for doimage
In the image_encrypt function, a vulnerability arises
due to a mismatch between unsigned and signed
integer types. When a large unsigned integer
is returned by strlen and stored into signed
integer k, the value represented is a large
negative integer. This bypasses the subsequent
check against AES_BLOCK_SZ and allows a buffer
overflow to happen at memcpy.

A similar vulnerability issue is fixed in the
function verify_and_copy_file_name_entry.

Change-Id: I658521c1eec1c79933ba8082ba507df04d174e52
Signed-off-by: Jaiprakash Singh <jaiprakashs@marvell.com>
2025-04-01 18:19:45 +02:00
amlogic build: remove Windows compatibility layer 2025-01-14 16:21:51 +00:00
cert_create build: remove Windows compatibility layer 2025-01-14 16:21:51 +00:00
conventional-changelog-tf-a docs(changelog): changelog for v2.12 release 2024-11-19 18:08:58 -06:00
cot_dt2c build(dev-deps): bump the dev-deps group across 3 directories with 9 updates 2025-03-10 11:02:20 +01:00
encrypt_fw build: remove Windows compatibility layer 2025-01-14 16:21:51 +00:00
fiptool build: remove Windows compatibility layer 2025-01-14 16:21:51 +00:00
marvell/doimage fix(tools): change data type to size_t for doimage 2025-04-01 18:19:45 +02:00
memory refactor(memmap): migrate to Poetry 2025-02-27 15:32:05 +00:00
nxp fix(nxp-tools): fix2 create_pbl buildroot build 2025-03-27 18:00:05 +01:00
renesas fix(rcar-layout): fix tool build 2024-11-10 16:09:18 +01:00
sptool feat(sptool): add StMM memory region descriptor 2025-03-04 14:38:13 -06:00
stm32image build: remove Windows compatibility layer 2025-01-14 16:21:51 +00:00
tlc build(dev-deps): bump the dev-deps group across 3 directories with 9 updates 2025-03-10 11:02:20 +01:00