From patchwork Fri Jan 15 03:11:49 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mo Yuezhang <Yuezhang.Mo@sony.com>
X-Patchwork-Id: 1426774
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=pass (p=none dis=none) header.from=sony.com
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=sony.com header.i=@sony.com header.a=rsa-sha256
 header.s=S1 header.b=XiC1/N9E;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4DH5np4Xy4z9sWQ
	for <incoming@patchwork.ozlabs.org>; Fri, 15 Jan 2021 14:12:14 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 51FF6827F0;
	Fri, 15 Jan 2021 04:12:09 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=sony.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key;
 unprotected) header.d=sony.com header.i=@sony.com header.b="XiC1/N9E";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id CB959827F9; Fri, 15 Jan 2021 04:12:07 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,
 RCVD_IN_MSPIKE_WL,SPF_HELO_NONE autolearn=ham autolearn_force=no
 version=3.4.2
Received: from mx08-001d1705.pphosted.com (mx08-001d1705.pphosted.com
 [185.183.30.70])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 25710827D2
 for <u-boot@lists.denx.de>; Fri, 15 Jan 2021 04:12:04 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=sony.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=Yuezhang.Mo@sony.com
Received: from pps.filterd (m0209322.ppops.net [127.0.0.1])
 by mx08-001d1705.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id
 10F30BFo018335; Fri, 15 Jan 2021 03:11:59 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sony.com;
 h=from : to : cc :
 subject : date : message-id : content-type : content-transfer-encoding :
 mime-version; s=S1; bh=hft5fy1kDCzG3wkeNytHdlINuRMCECmOnh2sg2wOQOw=;
 b=XiC1/N9ECPgms7ecuvu0dAiJFGxakrQLoEGSclMNRc+31KAKpM+Q158Qq3Bv94sVm3kX
 oa+D8fbR2Rufmv1SHC/0uC6ocmDQVRIFg6HJY2l0eLYaVl4ermygzYududujAPPfmre/
 fsosGx2l+TYYjBFte23exxsnqm/QlfzUq0vNcw7PYEElr8TDhzaCfzdfwnS6wdKBZY9K
 sgNrgzt0phScU8I0oh5YJ9bUvbHtO7oP2xJjRyqi5C2IEnAlAUF3WpAqW+YLi7NtvzO+
 3wNjaAPX7gq99mMEeJdTLCygG9DQW9feRa2txeHcNHw7Go4QwHezWVquTHEHwrkw1PUw Eg==
Received: from apc01-pu1-obe.outbound.protection.outlook.com
 (mail-pu1apc01lp2054.outbound.protection.outlook.com [104.47.126.54])
 by mx08-001d1705.pphosted.com with ESMTP id 361u9q338p-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Fri, 15 Jan 2021 03:11:59 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=X1L0+MxifabDbH0yQLQx9lvnl2C1fOfIyFg5SXxi1RXlzSdi0Hzzs1+d1+KD0lXruDq8O6l8gPTQxc5XIw4MMqZHxJ9KFKsoBj7+dX3nPk93Ow80d4/8SPidnvzknRJUY/oofqnn67Cs4qHmRoViB83IaFPi5GFEI4nl3UW+14TBnDz1THnJ0vvEkJmSXBxJVSD6kCQeyWlHOH35+odMRVwgD3z68YwH5GyVhzoXuUCtUOFYm7zyJImpV3SeXqhl0fO6pDiaXenQShlYJ7Xv+AdEeZ9PyFmfDnkxYvh9cIOHk8YC3t9SJrL8uS+0QcbBhazGUHkcwo1sgo2M4wJveQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=hft5fy1kDCzG3wkeNytHdlINuRMCECmOnh2sg2wOQOw=;
 b=iG/o3en3SxlFNmxgB1FhkeU1Jb7SVKU12Ut/u/bGAOgSAErewMMjccbuLokWEh+CpCtsvSBpbzd/8eeGBY4IDcNw0lHdF8CWfWsF8RoMEV6fv/DgiPk15TVAhkVhHch0M3EnIiSJmWGmAux1tcX8sod8Sy4qE7otl0NTScyZNpOzDCE4+qBJ3REqhby5fCjoEgJw2wMLuQnYSarh9uLZG8/+Pwjs127se5OWKGfHfZ+VuKUDV0e5xqtr+vNtOTZxzgqyFjbDAF0orS6rjp8bE6xO8W0PhdFC3S+YUYbrT7lwmhN3HsUygJgDyp55LBIkKreSoBEQXkEQPdvEvOkKXQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=sony.com; dmarc=pass action=none header.from=sony.com;
 dkim=pass header.d=sony.com; arc=none
Received: from HK2PR04MB3891.apcprd04.prod.outlook.com (2603:1096:202:35::13)
 by HK0PR04MB2833.apcprd04.prod.outlook.com (2603:1096:203:5f::14)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.10; Fri, 15 Jan
 2021 03:11:49 +0000
Received: from HK2PR04MB3891.apcprd04.prod.outlook.com
 ([fe80::8cf4:ec00:d40c:e3cf]) by HK2PR04MB3891.apcprd04.prod.outlook.com
 ([fe80::8cf4:ec00:d40c:e3cf%4]) with mapi id 15.20.3742.012; Fri, 15 Jan 2021
 03:11:49 +0000
From: <Yuezhang.Mo@sony.com>
To: <u-boot@lists.denx.de>
CC: <sjg@chromium.org>, <hs@denx.de>, <xypron.glpk@gmx.de>
Subject: [PATCH] autoboot: fix illegal memory access when stop key and delay
 key are empty
Thread-Topic: [PATCH] autoboot: fix illegal memory access when stop key and
 delay key are empty
Thread-Index: Adbq679HzHnClZLuS6ext+XwepGq/Q==
Date: Fri, 15 Jan 2021 03:11:49 +0000
Message-ID: 
 <HK2PR04MB3891CBB4241D01AC35808CA181A70@HK2PR04MB3891.apcprd04.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: lists.denx.de; dkim=none (message not signed)
 header.d=none;lists.denx.de; dmarc=none action=none header.from=sony.com;
x-originating-ip: [58.32.209.43]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: fcafa479-aafe-4768-f858-08d8b9034cea
x-ms-traffictypediagnostic: HK0PR04MB2833:
x-microsoft-antispam-prvs: 
 <HK0PR04MB283313FA446BCD77DEB9B47281A70@HK0PR04MB2833.apcprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:161;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 gjotfx9IrOr+DhlcIoeOenuWCBbD9McF88DvpntPClSIzfbesO1PsWQV45j8NvuCx2D47kwKB453OF5rwSoqVxZUX6mb9yVlGUfkDuj2+fSm0hhjjlVrxEPv89Ag3YII74HUOpZOUr+4e/cCBOBSiP9VFhA4eC56ItdPHBBMUYJLjX9IY2BKp0KdGNCDw+PbTmTLops9hINuFWGSl6bdm+0UFNORRnoKemz8aRRoC7HdHLyRi0YyFMEEaGtnVVTRD7BjOU5sZikuyxFbz8FT6tFBC6PFkbqnYGe/hPbkNn3hG+CXS8dSb2qrJuohNRKwVysM6ndmP3k3eZNFySmH2PeU62P5Y5zZIHK2DjUX0n+/ALIcA0vFxcax42x8XxeNXJT98E+3sq+8fWUC2B9TdA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:HK2PR04MB3891.apcprd04.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(136003)(366004)(346002)(376002)(396003)(39860400002)(5660300002)(8676002)(8936002)(316002)(2906002)(6916009)(54906003)(7696005)(9686003)(478600001)(55016002)(4744005)(71200400001)(66446008)(64756008)(76116006)(66946007)(86362001)(66476007)(26005)(4326008)(66556008)(6506007)(186003)(33656002)(83380400001)(52536014);
 DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?utf-8?q?3LLBgAviFC/bnc1cB50zMCSbIzRDA/?=
	=?utf-8?q?aC14kO2Fcl2xTDPhYl+gdo2Hoz2RXXtu343k63iihLjxU63gCycIWCeuQSF/Za1Ew?=
	=?utf-8?q?vmzSqOnq/bjq2kxMeLoUYQV7o198qkrh0CSpCH4p3rruVGKoLamIYG3D5KYXF55oX?=
	=?utf-8?q?fg6rKZ1DPjQnzHdVC7ruFuLagtg09W71s8RbEGIKDUU9W0jEC4EFFoU1RKGnSfVWT?=
	=?utf-8?q?L43QO0erpxNjx54qIpSFc1SJjzwsYMvYvyCxdKGtp/km5yMKxRczNDx1K8IWtcOxV?=
	=?utf-8?q?tbeuN9gfikJfgymcsiSZMBDHP+nj3kFEmlgNod3J2LqXa4hdzAQZp75MvsgF+nGJ8?=
	=?utf-8?q?JRJwdMXbNf0Dan71bQVwkumR148zEMzcAnLQH5VyBTj89Kyb7DLlkc/4GjxfV8dgY?=
	=?utf-8?q?LbHKAuWa8u/fZpZBt9nvQFB9Rxo52Q3dT2Ep/8Osdr+wVXbiDuqbUL6yaxsTZedmJ?=
	=?utf-8?q?x8OYm86nw+w9/K0tBo+YxodAZRbgO6wWOd2wUJTSzw2JSci4PcKrhO121dgjjyARh?=
	=?utf-8?q?OYS/uRVdO4q0yazerdJvnsUcrS73z4TsZ+n3qaN9+FB4VIJuKPiTvIGe96PgAZ8BD?=
	=?utf-8?q?OjLqXU9DVa6V1THDfujRMl0UoaFkb5BcSHzM9TVOspmOkKxstUbdV5XqYq9nI+Lva?=
	=?utf-8?q?Huv/2qOpPj3FVq4IPgTtEQZrSbaLMv49hvl7o09gc0VLMlolG8QCWcCes3ppR7sic?=
	=?utf-8?q?RWSWN62J8+Tkw8k2qSDs05XPTTT36+jOjyC89Mptqp8Ycu01tShfHSqrvjEKJDWnG?=
	=?utf-8?q?JFBsNKTV1FaW5CZ8YfbXy/nSY2qGl1lkWVrymO5af2PRWuQosYtkERBwS3vkrnU5K?=
	=?utf-8?q?8wGC3hFwRUxm4CBPEuuca7Jv7nif+2vpgampY/H09qwc78WmbKzPfgM6bgaLd3e8G?=
	=?utf-8?q?oCsn5ALXsbL5sakV97/zgSzAeDZNPWPRkk9QA2qmsmtD64IsKP/r7aKILWRD58Q?=
	=?utf-8?q?=3D?=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: sony.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HK2PR04MB3891.apcprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 fcafa479-aafe-4768-f858-08d8b9034cea
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jan 2021 03:11:49.8523 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 66c65d8a-9158-4521-a2d8-664963db48e4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 iXq4xeglkgHWcjjbR/NsBeBBYZMV3k+xddCefH6LdzVEheoktroETLV31vsDTqt0CDEYg7sEKZ4uyBGZKxvfTw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK0PR04MB2833
X-Sony-Outbound-GUID: Z4XN18viSIgaE8d-uCevrlj-CyoCTd0Y
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737
 definitions=2021-01-14_10:2021-01-14,
 2021-01-14 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 mlxlogscore=974 adultscore=0
 spamscore=0 bulkscore=0 clxscore=1031 suspectscore=0 impostorscore=0
 lowpriorityscore=0 malwarescore=0 phishscore=0 priorityscore=1501
 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2009150000 definitions=main-2101150014
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de
X-Virus-Status: Clean

If both stop key and delay key are empty, the length of these
keys is 0. The subtraction operation will cause the u_int type
variable to overflow, will cause illegal memory access in key
input loop.

This commit fixes this bug by using int type instead of u_init.
Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 common/autoboot.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/common/autoboot.c b/common/autoboot.c
index e628baffb8..61fb09f910 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -156,9 +156,9 @@ static int passwd_abort_key(uint64_t etime)
 	};
 
 	char presskey[MAX_DELAY_STOP_STR];
-	u_int presskey_len = 0;
-	u_int presskey_max = 0;
-	u_int i;
+	int presskey_len = 0;
+	int presskey_max = 0;
+	int i;
 
 #  ifdef CONFIG_AUTOBOOT_DELAY_STR
 	if (delaykey[0].str == NULL)