]> git.ipfire.org Git - thirdparty/u-boot.git/commitdiff
projects / thirdparty / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 949e5cb)
kwbimage: Fix out of bounds access
authorAlexander Graf <agraf@suse.de>
Thu, 15 Mar 2018 10:14:19 +0000 (11:14 +0100)
committerMichal Simek <michal.simek@xilinx.com>
Mon, 23 Apr 2018 06:57:39 +0000 (08:57 +0200)
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
tools/kwbimage.c patch | blob | blame | history

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index ccecf8718537b04250a252adbf91f56ba6509772..df7daa4d6c81b7bb626bdd6af2b021e0335de423 100644 (file)
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1615,6 +1615,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
                                  struct image_tool_params *params)
 {
        uint8_t checksum;
+       size_t header_size = kwbimage_header_size(ptr);
+
+       if (header_size > image_size)
+               return -FDT_ERR_BADSTRUCTURE;
 
        if (!main_hdr_checksum_ok(ptr))
                return -FDT_ERR_BADSTRUCTURE;
"Das U-Boot" Source Tree