fix(intel): update memcpy to memcpy_s
memcpy does not check the dst_size, which may
create a vulnerability as it can overflow the buffer.
Using memcpy_s, which checks the dst_size, will help to
reduce the risk. Also, this memcpy is always 4 bytes
each time.
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I413e6ae2ee9330501703c4cd63b7943c6f55b4c7
diff --git a/plat/intel/soc/common/drivers/sdmmc/sdmmc.c b/plat/intel/soc/common/drivers/sdmmc/sdmmc.c
index 8666f54..48f91eb 100644
--- a/plat/intel/soc/common/drivers/sdmmc/sdmmc.c
+++ b/plat/intel/soc/common/drivers/sdmmc/sdmmc.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2022-2023, Intel Corporation. All rights reserved.
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -19,6 +20,7 @@
#include "agilex5_pinmux.h"
#include "sdmmc.h"
+#include "socfpga_mailbox.h"
static const struct mmc_ops *ops;
static unsigned int mmc_ocr_value;
@@ -518,7 +520,8 @@
return ret;
}
- memcpy(&mmc_csd, &resp_data, sizeof(resp_data));
+ memcpy_s(&mmc_csd, sizeof(mmc_csd) / MBOX_WORD_BYTE,
+ &resp_data, sizeof(resp_data) / MBOX_WORD_BYTE);
/* CMD7: Select Card */
ret = sdmmc_send_cmd(MMC_CMD(7), rca << RCA_SHIFT_OFFSET,
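Review bot: The size arguments to memcpy_s are in different units across this commit: here and in every socfpga_sip_fcs.c hunk they are divided by MBOX_WORD_BYTE, the socfpga_handoff.c loop passes 1 per 4-byte word, but socfpga_mailbox.c (`*resp_len * MBOX_WORD_BYTE`), socfpga_psci.c (`sizeof(intel_rsu_update_address)`) and socfpga_vab.c (`mbox_data_sz * sizeof(uint32_t)`) pass byte counts. Whichever unit the platform's memcpy_s expects (presumably declared in socfpga_mailbox.h, since that include is added above), one of the two groups is wrong: word counts given to a byte-counting implementation copy a quarter of the data, and byte counts given to a word-counting implementation copy four times too much, which in socfpga_psci.c would run past the 8-byte `uint32_t addr_buf[2]`. The commit message says the copy is "always 4 bytes each time", which suggests word units; please state the unit in the memcpy_s prototype's comment and fix the byte-count call sites to match. None of the call sites in this commit looks at the memcpy_s return value, so if it reports a rejected copy the way the Annex K function does, the destination is silently left unfilled. The function containing this call starts and ends outside the hunk.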
@@ -758,7 +761,8 @@
(params->bus_width == MMC_BUS_WIDTH_4) ||
(params->bus_width == MMC_BUS_WIDTH_8)));
- memcpy(&cdns_params, params, sizeof(struct cdns_sdmmc_params));
+ memcpy_s(&cdns_params, sizeof(struct cdns_sdmmc_params) / MBOX_WORD_BYTE,
+ params, sizeof(struct cdns_sdmmc_params) / MBOX_WORD_BYTE);
cdns_params.cdn_sdmmc_dev_type = info->mmc_dev_type;
cdns_params.cdn_sdmmc_dev_mode = SD_DS;
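Review bot: The destination size passed to memcpy_s on the new lines is the same expression as the source size, `sizeof(struct cdns_sdmmc_params) / MBOX_WORD_BYTE` on both sides, so the check can never fail and the call gives no more bounds protection than the memcpy it replaces. The same tautology is in every socfpga_sip_fcs.c hunk, where the destination count for `&payload[i]` is computed from `src_size` (or `src_size - data_size`, or `param_size`) rather than from the room left in `payload` after index `i`, and in the socfpga_mailbox.c, socfpga_psci.c (where `sizeof(addr_buf)` is the real bound) and socfpga_vab.c hunks. For the fcs call sites the destination argument should be the remaining capacity of the payload array (its declaration is outside these hunks; something like `sizeof(payload) / MBOX_WORD_BYTE - i` if it is a fixed-size array in scope), with the preceding `INTEL_SIP_SMC_STATUS_REJECTED` checks kept as the early rejection. In this hunk `cdns_params` and `*params` are the same type, so the copy is inherently bounded; only the size expressions deserve a tidy-up, e.g. `sizeof(cdns_params)` for the destination side. The enclosing function starts and ends outside the hunk.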
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index adeb069..91df934 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -1,5 +1,6 @@
/*
- * Copyright (c) 2020-2022, Intel Corporation. All rights reserved.
+ * Copyright (c) 2020-2023, Intel Corporation. All rights reserved.
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -1164,8 +1165,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
- src_size - data_size);
+ memcpy_s(&payload[i], (src_size - data_size) / MBOX_WORD_BYTE,
+ (void *) mac_offset, (src_size - data_size) / MBOX_WORD_BYTE);
i += (src_size - data_size) / MBOX_WORD_BYTE;
}
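Review bot: The new call copies `(src_size - data_size) / MBOX_WORD_BYTE` words, so if `src_size - data_size` is not a multiple of MBOX_WORD_BYTE the trailing bytes are dropped, whereas the removed memcpy copied the exact byte count. The same division appears in the other socfpga_sip_fcs.c hunks (`src_size / MBOX_WORD_BYTE`, `param_size / MBOX_WORD_BYTE`, `fcs_aes_init_payload.param_size / MBOX_WORD_BYTE`). The following `i += (src_size - data_size) / MBOX_WORD_BYTE;` already advanced by whole words before this change, so the code may assume word-aligned lengths, but the rejection check just above the hunk is not visible here and should be confirmed to enforce that; if it does not, an explicit `if (((src_size - data_size) % MBOX_WORD_BYTE) != 0) return INTEL_SIP_SMC_STATUS_REJECTED;` before the copy makes the assumption enforced rather than silent. The enclosing function starts outside the hunk.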
@@ -1298,8 +1299,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
- src_size - data_size);
+ memcpy_s(&payload[i], (src_size - data_size) / MBOX_WORD_BYTE,
+ (void *) mac_offset, (src_size - data_size) / MBOX_WORD_BYTE);
memset((void *) dst_addr, 0, *dst_size);
@@ -1401,8 +1402,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &payload[i], (uint8_t *) hash_data_addr,
- src_size);
+ memcpy_s(&payload[i], src_size / MBOX_WORD_BYTE,
+ (void *) hash_data_addr, src_size / MBOX_WORD_BYTE);
i += src_size / MBOX_WORD_BYTE;
@@ -1502,8 +1503,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &payload[i],
- (uint8_t *) hash_sig_pubkey_addr, src_size);
+ memcpy_s(&payload[i], src_size / MBOX_WORD_BYTE,
+ (void *) hash_sig_pubkey_addr, src_size / MBOX_WORD_BYTE);
i += (src_size / MBOX_WORD_BYTE);
@@ -1839,8 +1840,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &payload[i], (uint8_t *) sig_pubkey_offset,
- src_size - data_size);
+ memcpy_s(&payload[i], (src_size - data_size) / MBOX_WORD_BYTE,
+ (void *) sig_pubkey_offset, (src_size - data_size) / MBOX_WORD_BYTE);
i += (src_size - data_size) / MBOX_WORD_BYTE;
}
@@ -1971,8 +1972,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &payload[i], (uint8_t *) sig_pubkey_offset,
- src_size - data_size);
+ memcpy_s(&payload[i], (src_size - data_size) / MBOX_WORD_BYTE,
+ (void *) sig_pubkey_offset, (src_size - data_size) / MBOX_WORD_BYTE);
memset((void *) dst_addr, 0, *dst_size);
@@ -2145,7 +2146,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &payload[i], (uint8_t *) pubkey, src_size);
+ memcpy_s(&payload[i], src_size / MBOX_WORD_BYTE,
+ (void *) pubkey, src_size / MBOX_WORD_BYTE);
i += src_size / MBOX_WORD_BYTE;
status = mailbox_send_cmd(MBOX_JOB_ID, MBOX_FCS_ECDH_REQUEST,
@@ -2223,8 +2225,8 @@
fcs_aes_init_payload.param_size = param_size;
fcs_aes_init_payload.key_id = key_id;
- memcpy((uint8_t *) fcs_aes_init_payload.crypto_param,
- (uint8_t *) param_addr, param_size);
+ memcpy_s(fcs_aes_init_payload.crypto_param, param_size / MBOX_WORD_BYTE,
+ (void *) param_addr, param_size / MBOX_WORD_BYTE);
fcs_aes_init_payload.is_updated = 0;
@@ -2304,9 +2306,10 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- memcpy((uint8_t *) &fcs_aes_crypt_payload[i],
- (uint8_t *) fcs_aes_init_payload.crypto_param,
- fcs_aes_init_payload.param_size);
+ memcpy_s(&fcs_aes_crypt_payload[i],
+ fcs_aes_init_payload.param_size / MBOX_WORD_BYTE,
+ (void *) fcs_aes_init_payload.crypto_param,
+ fcs_aes_init_payload.param_size / MBOX_WORD_BYTE);
i += fcs_aes_init_payload.param_size / MBOX_WORD_BYTE;
}
diff --git a/plat/intel/soc/common/soc/socfpga_handoff.c b/plat/intel/soc/common/soc/socfpga_handoff.c
index 526c6e1..6974768 100644
--- a/plat/intel/soc/common/soc/socfpga_handoff.c
+++ b/plat/intel/soc/common/soc/socfpga_handoff.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -15,15 +16,21 @@
int socfpga_get_handoff(handoff *reverse_hoff_ptr)
{
int i;
+ int j;
uint32_t *buffer;
- handoff *handoff_ptr = (handoff *) PLAT_HANDOFF_OFFSET;
+ uint32_t *handoff_ptr = (uint32_t *) PLAT_HANDOFF_OFFSET;
+ uint32_t *reverse_hoff_ptr_dst = (uint32_t *) reverse_hoff_ptr;
if (sizeof(*handoff_ptr) > sizeof(handoff)) {
return -EOVERFLOW;
}
- memcpy(reverse_hoff_ptr, handoff_ptr, sizeof(handoff));
- buffer = (uint32_t *)reverse_hoff_ptr;
+ for (j = 0; j < sizeof(handoff) / 4; j++) {
+ memcpy_s((void *) (reverse_hoff_ptr_dst + j), 1,
+ (void *) (handoff_ptr + j), 1);
+ }
+
+ buffer = (uint32_t *)reverse_hoff_ptr_dst;
/* convert big endian to little endian */
for (i = 0; i < sizeof(handoff) / 4; i++)
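Review bot: After retyping `handoff_ptr` to `uint32_t *`, the guard `if (sizeof(*handoff_ptr) > sizeof(handoff))` compares 4 against `sizeof(handoff)` and can never be true; it could not fire before either, since both operands were `sizeof(handoff)`, so the function still has no effective size check and the guard should be removed or rewritten against whatever bound it is meant to express. The new per-word loop passes a count of 1 to memcpy_s on each iteration while `j` is bounded by the same `sizeof(handoff) / 4`, so the destination size is again derived from the source size and bounds nothing; a single call `memcpy_s(reverse_hoff_ptr_dst, sizeof(handoff) / 4, handoff_ptr, sizeof(handoff) / 4);` (assuming memcpy_s counts words, as the `1` suggests) is equivalent and avoids one call per word. `int j` is compared against a `size_t` expression, which `-Wsign-compare` flags; `size_t j` avoids that. The rest of socfpga_get_handoff runs past the hunk.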
diff --git a/plat/intel/soc/common/soc/socfpga_mailbox.c b/plat/intel/soc/common/soc/socfpga_mailbox.c
index b8e5cde..74ecc95 100644
--- a/plat/intel/soc/common/soc/socfpga_mailbox.c
+++ b/plat/intel/soc/common/soc/socfpga_mailbox.c
@@ -252,7 +252,7 @@
return MBOX_RET_ERROR;
}
- memcpy((uint8_t *) response,
+ memcpy_s((uint8_t *) response, *resp_len * MBOX_WORD_BYTE,
(uint8_t *) mailbox_resp_ctr.payload->data,
*resp_len * MBOX_WORD_BYTE);
}
diff --git a/plat/intel/soc/common/socfpga_psci.c b/plat/intel/soc/common/socfpga_psci.c
index c93e13f..623843e 100644
--- a/plat/intel/soc/common/socfpga_psci.c
+++ b/plat/intel/soc/common/socfpga_psci.c
@@ -1,6 +1,7 @@
/*
* Copyright (c) 2019-2023, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2019-2023, Intel Corporation. All rights reserved.
+ * Copyright (c) 2024, Altera Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -183,8 +184,9 @@
{
uint32_t addr_buf[2];
- memcpy(addr_buf, &intel_rsu_update_address,
- sizeof(intel_rsu_update_address));
+ memcpy_s(addr_buf, sizeof(intel_rsu_update_address),
+ &intel_rsu_update_address, sizeof(intel_rsu_update_address));
+
if (intel_rsu_update_address) {
mailbox_rsu_update(addr_buf);
} else {
diff --git a/plat/intel/soc/common/socfpga_vab.c b/plat/intel/soc/common/socfpga_vab.c
index d1734c8..969abb3 100644
--- a/plat/intel/soc/common/socfpga_vab.c
+++ b/plat/intel/soc/common/socfpga_vab.c
@@ -113,7 +113,8 @@
VERBOSE("mbox_data_addr = %lx mbox_data_sz = %d\n", mbox_data_addr, mbox_data_sz);
- memcpy(mbox_relocate_data_addr, (uint8_t *)mbox_data_addr, mbox_data_sz * sizeof(uint32_t));
+ memcpy_s(mbox_relocate_data_addr, mbox_data_sz * sizeof(uint32_t),
+ (uint8_t *)mbox_data_addr, mbox_data_sz * sizeof(uint32_t));
*((unsigned int *)mbox_relocate_data_addr) = CCERT_CMD_TEST_PGM_MASK;