[U-Boot] [PATCH] tools: default image: use ih_size for checking data size

Jonas Gorski jogo at openwrt.org
Fri May 3 13:37:05 CEST 2013


Common image usage is uImage + appended rootfs, so the uImage data
is only part of the total image. So read out and use the header's
ih_size field instead of the total file size.

To prevent reading over the end of the buffer, check that the image file
is big enough to contain the data before calculating its checksum.

Before:
~# mkimage -l dir665_fw_100NA.bin
mkimage: ERROR: "dir665_fw_100NA/dir665_fw_100NA.bin" has corrupted data!

After:
~# mkimage -l dir665_fw_100NA.bin
Image Name:   Linux Kernel Image
Created:      Fri Feb 12 03:38:36 2010
Image Type:   ARM Linux Kernel Image (lzma compressed)
Data Size:    1107781 Bytes = 1081.82 kB = 1.06 MB
Load Address: 00008000
Entry Point:  00008000

Signed-off-by: Jonas Gorski <jogo at openwrt.org>
---
 tools/default_image.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/default_image.c b/tools/default_image.c
index e9d0729..db20e53 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -86,10 +86,11 @@ static int image_verify_header(unsigned char *ptr, int image_size,
 	}
 
 	data = (const unsigned char *)ptr + sizeof(image_header_t);
-	len  = image_size - sizeof(image_header_t) ;
+	len  = be32_to_cpu(hdr->ih_size);
 
 	checksum = be32_to_cpu(hdr->ih_dcrc);
-	if (crc32(0, data, len) != checksum) {
+	if ((image_size - sizeof(image_header_t)) < len ||
+	    crc32(0, data, len) != checksum) {
 		fprintf(stderr,
 			"%s: ERROR: \"%s\" has corrupted data!\n",
 			params->cmdname, params->imagefile);
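Review bot: In the new test `(image_size - sizeof(image_header_t)) < len`, the subtraction is carried out in the unsigned type of `sizeof` while `image_size` is declared `int` in the function signature, so a file shorter than the header makes the difference wrap to a very large value. The bound check then passes and crc32() still reads `len` bytes beyond the buffer, which is the over-read the commit message sets out to prevent. Nothing visible in this hunk guarantees that image_size is at least sizeof(image_header_t); either confirm that an earlier check in image_verify_header() covers it, or add `image_size < sizeof(image_header_t)` as the first operand of the condition. As a smaller point, a truncated file and a CRC mismatch now share the "has corrupted data" message; a distinct message for the size failure would make the two cases easier to tell apart.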
-- 
1.7.10.4


