Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2822544imm; Wed, 16 May 2018 21:21:55 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpHDUgXNUbt0I54Xc6KA0Ar4Qg9BpyrDRQwrXuPh5g59tPJkAGm/5ChFC0tIj2i2D2KTEnV X-Received: by 2002:a17:902:6b04:: with SMTP id o4-v6mr3665677plk.101.1526530915438; Wed, 16 May 2018 21:21:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526530915; cv=none; d=google.com; s=arc-20160816; b=q/wrKudFnxDP4jrYvnAX1C6PaeTqrliC7B2a+ADM0XiaAjI1EDV/CNRbY4YxpSPzVo muNAYEHMxK7c17NKZHCQhRh8gCODlH/Xflza7MetXWd6dALXMZkEQAFosmwXgaG9mIPr Au+gd+FNygGZEfolM2anWM8eFWL/3T4Qm8pRO9C7z6JX7q0CkATD3rOQs+LDCZ95mIbs Lvax0OA6eNnf5lOjeZ44WWKTIMu8OyibKq3ksdHeCyoxCP/6GruzV4WCPhvqfNm56+9c ddJ1PI2b8B/Pc1brzOubR2ybhtmkbBJ9CEmOCWPbPVuYclo+f1WLcrFTjWx67aFImyoJ XPtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=ojii/NW9uDkRIsSrmfL4fvDcOqxsUjKW04bWn9cJsc8=; b=m3zbaZKwDcWcbkJ5YaB30SiUw9wyjE8tCFZY5Dto4FaGYI/JDICbRNzYSCiENdUSEm qS2s8OVB7zy0/d8rN1QfkRJgkx2QLhtwyFu6Zn4U3IvEoXeDF+LtsZgkFh6ygaO8Nvu2 KpWuBsyACdnHQm7t6fCJyLeIGz6FqNgZ/wqiZ+j8+plkHt6eEvVMldb3S6YC3yE02FtH fyxvz7aDuEHvgFGX8SIMyqYv44+Je8Z8lIhqto5PYIqqgMCbLhpDaIxorfDf4OFo0EPh BPWmRcTAcW2qYI09H6jS8J9Nce7fzMbbC7bP4p4qqXc8lHwhpjSkJvXkYZwY0sdMenTg YXZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UKSK0aoT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b36-v6si4247381pli.30.2018.05.16.21.21.41; Wed, 16 May 2018 21:21:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=UKSK0aoT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752129AbeEQEUF (ORCPT + 99 others); Thu, 17 May 2018 00:20:05 -0400 Received: from mail-pg0-f66.google.com ([74.125.83.66]:38850 "EHLO mail-pg0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751798AbeEQEUE (ORCPT ); Thu, 17 May 2018 00:20:04 -0400 Received: by mail-pg0-f66.google.com with SMTP id n9-v6so1227049pgq.5; Wed, 16 May 2018 21:20:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=ojii/NW9uDkRIsSrmfL4fvDcOqxsUjKW04bWn9cJsc8=; b=UKSK0aoTQqkIp22/3ZGTX4gh1NQ7Ioj8LjC5dKTyv+pKdcUIMTMQRIkN/251EvCDbD hX8N/15NKrvgv0wVpqLpAxwRP0xvqNjOrHvW6ykwUFsfGJSmmj6j4gqthLoJ4Cr5CQFe EWJIkvJPpLEXaOR0hHOpe0JXVlIAlmJ81hUvpZeSZcTF/x7gJW6bXujpJzZtME3K5HWj 2AgdK7afQvzZ0/zCIocXUVj6f0icoks7fVYZVZZYEDQ2/fIJn1IF7mFht9N7X7DWt2W4 stG2LhhX7nJj2EqY0UXbi2d9AGsj2kFk9PWHocwX16Ccsax2l+cPftcTbn400CccU5s5 SUaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=ojii/NW9uDkRIsSrmfL4fvDcOqxsUjKW04bWn9cJsc8=; b=hR+5qJOqakyoiCm9Bniqe8g2xYNeZQNRp0X91xqPUTkoGEeWaumdS26LhXjjwozIm1 yFa/x1CmAp5iDIPcrZgyCNXlxCAcYa6zdaEv8kmeGzKAbcMvpDwH85Rv5UaL36garsIg MZxvIE5+WxZHyXQUYeOwvcVaRGLc434U2meP05OZV2pt7APgtDg08/PPJUugiEynFjio p3J9MyJoXUPcryPX2V42Yv5Kg0RH0mL76t8W3ucolHoGiwjtz6uU4mgReaEDa4Fs7DzI /oJjsgIqwLTO48DDotw8yDnzwc5GxEK/vSirM2hjKOrwtIuxPBuiCkFvOAN4Mmmci9jn VxTg== X-Gm-Message-State: ALKqPwfIMOodDmX9InyHIV0VNzkNMrAZXnSi0rsfYs1x7nZmja8jgy6y NwJOAnzaKM7FuJ/lvjolRSo= X-Received: by 2002:a63:3f49:: with SMTP id m70-v6mr1422059pga.340.1526530803848; Wed, 16 May 2018 21:20:03 -0700 (PDT) Received: from localhost.localdomain (c-24-6-192-50.hsd1.ca.comcast.net. [24.6.192.50]) by smtp.gmail.com with ESMTPSA id h75-v6sm6958552pfh.148.2018.05.16.21.20.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 16 May 2018 21:20:03 -0700 (PDT) From: frowand.list@gmail.com To: Rob Herring , pantelis.antoniou@konsulko.com, Pantelis Antoniou Cc: Dan Carpenter , devicetree@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] of: overlay: validate offset from property fixups Date: Wed, 16 May 2018 21:19:51 -0700 Message-Id: <1526530791-18591-1-git-send-email-frowand.list@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Frank Rowand The smatch static checker marks the data in offset as untrusted, leading it to warn: drivers/of/resolver.c:125 update_usages_of_a_phandle_reference() error: buffer underflow 'prop->value' 's32min-s32max' Add check to verify that offset is within the property data. Reported-by: Dan Carpenter Signed-off-by: Frank Rowand --- drivers/of/resolver.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/of/resolver.c b/drivers/of/resolver.c index 65d0b7adfcd4..7edfac6f1914 100644 --- a/drivers/of/resolver.c +++ b/drivers/of/resolver.c @@ -122,6 +122,11 @@ static int update_usages_of_a_phandle_reference(struct device_node *overlay, goto err_fail; } + if (offset < 0 || offset + sizeof(__be32) > prop->length) { + err = -EINVAL; + goto err_fail; + } + *(__be32 *)(prop->value + offset) = cpu_to_be32(phandle); } -- Frank Rowand