Searched hist:fbf6555790ad6de635ebf9e5581c840496166306 (Results 1 – 1 of 1) sorted by relevance
| /rk3399_ARM-atf/tools/marvell/doimage/ |
| doimage.c | fbf6555790ad6de635ebf9e5581c840496166306 Sun Dec 29 07:10:16 UTC 2024 Jaiprakash Singh <jaiprakashs@marvell.com> fix(tools): change data type to size_t for doimage
In the image_encrypt function, a vulnerability arises due to a mismatch between unsigned and signed integer types. When a large unsigned integer is returned by strlen and stored into the signed integer k, the value represented is a large negative integer. This bypasses the subsequent check against AES_BLOCK_SZ and allows a buffer overflow to happen at memcpy.
A similar vulnerability issue is fixed in the function verify_and_copy_file_name_entry.
Change-Id: I658521c1eec1c79933ba8082ba507df04d174e52
Signed-off-by: Jaiprakash Singh <jaiprakashs@marvell.com>
|