Google Git
Sign in
gbmc/hoth-ipmi-blobs/refs/heads/master
commit
eee138fb4b8046ac0e18e175c0e3abab160f0e94
[log]
author
Lovepreet Singh <lpsingh@google.com>
Wed Jun 03 20:48:25 2026 +0000
committer
Lovepreet Singh <lpsingh@google.com>
Wed Jun 03 20:57:23 2026 +0000
tree
e1da1a2af2537068931fa78414032d68e7d67b09
parent
2c24ca4cf661e76929860e42446d3a31a638532e [diff]
Integer overflow check in writes to session buffer

The current logic for writing to hoth blob session buffer can run into
out-of-bounds memory access when `data` and `offset` are controlled by
an attacker.

This change adds additional check to avoid the overflow (and hence the
out-of-bounds memory access). This change also moves handling for empty
`data` earlier in the code

Google-Bug-Id=517927802
Change-Id: Ib03fdb69d94e9820eac715544b84cf755cf754e5
Signed-off-by: Lovepreet Singh <lpsingh@google.com>
1 file changed
tree: e1da1a2af2537068931fa78414032d68e7d67b09
  1. command/
  2. skmhss/
  3. test/
  4. tpm/
  5. update/
  6. dbus.cpp
  7. dbus.hpp
  8. dbus_impl.hpp
  9. hoth.cpp
  10. hoth.hpp
  11. LICENSE
  12. meson.build
  13. meson_options.txt
  14. README.md
README.md

Hoth IPMI Blob Handler