Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / 30481361d88718fa6eead75508c552cc70c728dc
commit30481361d88718fa6eead75508c552cc70c728dc[log] [tgz]
authorJoel Kitching <kitching@google.com>Sat Nov 23 16:56:01 2019 +0800
committerCommit Bot <commit-bot@chromium.org>Mon Nov 25 13:38:17 2019 +0000
treefc8d4dd1a0c2249cf80bfb6d0babbc70712d46c3
parent16c91aa86c73b9013d6e1397b7d0267a74f9540a [diff]
vboot: fix workbuf_used value after storing GBB header

After storing the GBB header on the workbuf, the offset of wb.buf
is stored into workbuf_used by incorrectly using ctx as the
pointer base, rather than sd (which corresponds to the start of
the workbuf).  This subtracts 8 bytes from the correct value of
workbuf_used, and leaves the last 8 bytes of the GBB header
vulnerable to being overwritten with any VB2_WORKBUF_ALIGN values
less than 16.

Also update the relevant vb2_misc_tests check to account for
GBB headers with non-aligned sizes (currently it is 128 bytes).

BUG=b:124141368, chromium:1027846
TEST=Test with various VB2_WORKBUF_ALIGN values
BRANCH=none

Change-Id: I862d29155ce08df6911c277f8ce8c703ffaf1df7
Signed-off-by: Joel Kitching <kitching@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1932276
Tested-by: Joel Kitching <kitching@chromium.org>
Reviewed-by: Yu-Ping Wu <yupingso@chromium.org>
Commit-Queue: Joel Kitching <kitching@chromium.org>
2 files changed
tree: fc8d4dd1a0c2249cf80bfb6d0babbc70712d46c3
  1. cgpt/
  2. firmware/
  3. futility/
  4. host/
  5. scripts/
  6. tests/
  7. utility/
  8. .clang-format
  9. .gitignore
  10. Android.mk
  11. emerge_test.sh
  12. LICENSE
  13. Makefile
  14. OWNERS
  15. PRESUBMIT.cfg
  16. README
  17. vboot_host.pc.in