This is the mail archive of the
ecos-discuss@sources.redhat.com
mailing list for the eCos project.
RE: Fixes to RedBoot "load" command
- From: Gary Parnes <GaryP at logicpd dot com>
- To: "'ecos-discuss at sources dot redhat dot com'" <ecos-discuss at sources dot redhat dot com>
- Date: Fri, 23 Apr 2004 15:56:57 -0500
- Subject: [ECOS] RE: Fixes to RedBoot "load" command
I see a potential vulnerability in the CYG_ASSERT() that is watching for
code that overshoots the opts[] array. It is checking the value of
num_options against a constant. But, num_options is also resident on the
stack. Writing beyond the bounds of the opts[] array COULD end up
corrupting the value of num_options itself (it all depends on how the
compiler arranges things on the stack), and so it could result in a "false
positive" in the CYG_ASSERT().
I'm starting to think that the options mechanism needs to be reworked.
Perhaps the opts[] array could be embedded in a structure that tracks the
count and the max?
--Gary Parnes
SENIOR SOFTWARE ENGINEER
Logic Product Development
411 Washington Ave. North, Suite 101
Minneapolis, MN 55401
Main: (612) 672-9495
Direct: (612) 436-5165
> -----Original Message-----
> From: Gary Thomas [mailto:gary@mlbassoc.com]
> Sent: Friday, April 23, 2004 3:38 PM
> To: Gary Parnes
> Cc: eCos patches
> Subject: Re: Fixes to RedBoot "load" command
>
>
> On Fri, 2004-04-23 at 13:43, Gary Parnes wrote:
> > Two fixes concerning RedBoot's "load" command in this patch. One
> > corrects a potential stack corruption situation. The other fixes a
> > problem when specifying the port on a little endian system.
> >
> >
> > <<redboot_patch.txt>>
>
>
> Thanks for pointing these out. I've committed the change to the TFTP
> code as-is. The change for 'load' was rather messy so I did it a
> little differently. I also went ahead and made the same change
> everywhere that a variable option list was used.
>
> --
> Gary Thomas <gary@mlbassoc.com>
> MLB Associates
>
--
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss
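Added example, not part of the original message or of the eCos/RedBoot source: one way the structure suggested in the message above could look, with the count and the maximum kept beside the array and the bound tested before each store instead of asserted afterwards. The names `opt_table`, `opt_entry`, `opt_table_add` and the capacity of 4 are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

#define OPT_TABLE_MAX 4   /* assumed capacity, chosen for this demo */

struct opt_entry {        /* hypothetical option record */
    char flag;            /* option letter */
    bool takes_arg;
};

struct opt_table {        /* count and max travel with the array */
    size_t count;
    size_t max;
    struct opt_entry opts[OPT_TABLE_MAX];
};

static void opt_table_init(struct opt_table *t)
{
    t->count = 0;
    t->max = OPT_TABLE_MAX;
}

/* Bound is tested before the store: a full table writes nothing. */
static bool opt_table_add(struct opt_table *t, char flag, bool takes_arg)
{
    if (t->count >= t->max)
        return false;
    t->opts[t->count++] = (struct opt_entry){ flag, takes_arg };
    return true;
}

/* Constructed input: six options offered to a four-slot table. */
static int demo_overfill(struct opt_table *t)
{
    const char flags[] = { 'v', 'r', 'm', 'h', 'p', 'b' };
    int refused = 0;
    opt_table_init(t);
    for (size_t i = 0; i < sizeof flags; i++)
        if (!opt_table_add(t, flags[i], false))
            refused++;
    return refused;
}

int main(void)
{
    struct opt_table t;
    return demo_overfill(&t) == 2 ? 0 : 1;   /* two of six refused */
}
```

Because the refusal happens before the write, the counter is never updated by an out-of-bounds store, so a later check of `count` against `max` can still be trusted.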