arm-trusted-firmware/tools/marvell/doimage
Jaiprakash Singh fbf6555790 fix(tools): change data type to size_t for doimage
In the image_encrypt function, a vulnerability arises
due to a mismatch between unsigned and signed
integer types. When a large unsigned integer
is returned by strlen and stored into signed
integer k, the value represented is a large
negative integer. This bypasses the subsequent
check against AES_BLOCK_SZ and allows a buffer
overflow to happen at memcpy.

A similar vulnerability issue is fixed in
function verify_and_copy_file_name_entry.

Change-Id: I658521c1eec1c79933ba8082ba507df04d174e52
Signed-off-by: Jaiprakash Singh <jaiprakashs@marvell.com>
2025-04-01 18:19:45 +02:00
secure      tools: Move doimage to marvell folder for future add-ons  2018-10-22 18:17:52 +03:00
doimage.c   fix(tools): change data type to size_t for doimage        2025-04-01 18:19:45 +02:00
doimage.mk  tools: Move doimage to marvell folder for future add-ons  2018-10-22 18:17:52 +03:00
Makefile    build: determine toolchain tools dynamically              2024-09-10 09:47:06 +00:00