author Alexander Graf <agraf@suse.de> 2018-03-15 11:14:19 +0100
committer Stefan Roese <sr@denx.de> 2018-03-30 12:52:48 +0200
commit 6cd5678c45e7b684e7af88c256cdacd03a76fb1c (patch)
tree ccca6ff3c9f538a804054b7dae0880fccb6657c6 /tools
parent bc8cb152d8fbea100023917c285129a6d9ccc3ba (diff)
kwbimage: Fix out of bounds access
The kwbimage format is reading beyond its header structure if it misdetects a Xilinx Zynq image and tries to read it. Fix it by sanity checking that the header we want to read fits inside our file size.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
Diffstat (limited to 'tools')
-rw-r--r-- tools/kwbimage.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 3ca3b3b4a6..26686ad30f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
struct image_tool_params *params)
{
uint8_t checksum;
+ size_t header_size = kwbimage_header_size(ptr);
+
+ if (header_size > image_size)
+ return -FDT_ERR_BADSTRUCTURE;
if (!main_hdr_checksum_ok(ptr))
return -FDT_ERR_BADSTRUCTURE;
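Review bot: The added test `if (header_size > image_size)` compares a size_t against the int parameter image_size, so a negative image_size is converted to a large unsigned value and passes the check; reject image_size < 0 first, then compare against (size_t)image_size. In addition, kwbimage_header_size(ptr) takes only ptr, so whatever it reads to compute header_size is read before any bound is established; a minimum-size test on image_size ahead of that call would also cover a file shorter than those fields, which is the misdetected-image case the commit message describes. A one-line comment above the check noting that header_size comes from untrusted file contents would help later readers.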