[coreboot-gerrit] Patch set updated for coreboot: util/cbfstool: Improve heuristic for cbfs header pointer protection

Patrick Georgi (pgeorgi@google.com) gerrit at coreboot.org
Thu Feb 11 15:32:19 CET 2016


Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/13672

-gerrit

commit dd821745830ef0bb1122f9e253615051421b878c
Author: Patrick Georgi <pgeorgi at chromium.org>
Date:   Wed Feb 10 18:07:52 2016 +0100

    util/cbfstool: Improve heuristic for cbfs header pointer protection
    
    cbfstool has a routine to deal with old images that may encourage it to
    overwrite the master header. That routine is triggered for
    "cbfstool add-master-header" prepared images even though these are not
    at risk, and - worse - destroys the chain structure (through a negative
    file length), so avoid touching such images.
    
    Change-Id: I9d0bbe3e6300b9b9f3e50347737d1850f83ddad8
    Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
---
 util/cbfstool/cbfs_image.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index 314ea57..95e6f42 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -110,11 +110,18 @@ static int cbfs_fix_legacy_size(struct cbfs_image *image, char *hdr_loc)
 	// A bug in old cbfstool may produce extra few bytes (by alignment) and
 	// cause cbfstool to overwrite things after free space -- which is
 	// usually CBFS header on x86. We need to workaround that.
+	// Except when we run across a file that contains the actual header,
+	// in which case this image is a safe, new-style
+	// `cbfstool add-master-header` based image.
 
 	struct cbfs_file *entry, *first = NULL, *last = NULL;
 	for (first = entry = cbfs_find_first_entry(image);
 	     entry && cbfs_is_valid_entry(image, entry);
 	     entry = cbfs_find_next_entry(image, entry)) {
+		/* Is the header guarded by a CBFS file entry? Then exit */
+		if (((char *)entry) + ntohl(entry->offset) == hdr_loc) {
+			return 0;
+		}
 		last = entry;
 	}
 	if ((char *)first < (char *)hdr_loc &&
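
Review bot: In the loop, the added test `((char *)entry) + ntohl(entry->offset) == hdr_loc` matches only when the header starts at the very first byte of a file's data, while the comment added above the loop speaks of a file that "contains the actual header". If exact placement at the data start is the intended invariant for `cbfstool add-master-header` images, the comment should say so; otherwise a range check over the file's data region would match the stated intent more closely. The `offset` field is read from the image and added to `entry` with no bound visible in these lines, so it is worth confirming that `cbfs_is_valid_entry()` constrains it before the pointer arithmetic. It would also help to state in the comment what the early `return 0` means to callers, since the image is left unmodified on that path. Minor style: the new in-loop comment uses `/* */` where the surrounding block uses `//`, and the single-statement `if` carries braces.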


