[U-Boot] [PATCH v2] libfdt: Fix segfault when calling fit_check_format() on corrupt FIT images
Tom Rini
trini at ti.com
Wed Feb 26 17:32:21 CET 2014
From: Jon Nalley <lists at bluebot.org>
It has been observed that fit_check_format() will fail when passed a
corrupt FIT image. This was tracked down to _fdt_string_eq():
return (strlen(p) == len) && (memcmp(p, s, len) == 0);
In the case of a corrupt FIT image one can't depend on 'p' being NULL
terminated. I changed it to use strnlen() to fix the issue.
Signed-off-by: Tom Rini <trini at ti.com>
---
Changes in v2:
- Pass len + 1, not len to strnlen as that's the best practice for
strnlen.
---
lib/libfdt/fdt_ro.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libfdt/fdt_ro.c b/lib/libfdt/fdt_ro.c
index f2154e8..36af043 100644
--- a/lib/libfdt/fdt_ro.c
+++ b/lib/libfdt/fdt_ro.c
@@ -44,7 +44,7 @@ static int _fdt_string_eq(const void *fdt, int stroffset,
{
const char *p = fdt_string(fdt, stroffset);
- return (strlen(p) == len) && (memcmp(p, s, len) == 0);
+ return (strnlen(p, len + 1) == len) && (memcmp(p, s, len) == 0);
}
int fdt_get_mem_rsv(const void *fdt, int n, uint64_t *address, uint64_t *size)
--
1.7.9.5
More information about the U-Boot
mailing list