[U-Boot] [PATCH] kwbimage: Fix out of bounds access
Alexander Graf
agraf at suse.de
Thu Mar 15 10:14:19 UTC 2018
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.
Signed-off-by: Alexander Graf <agraf at suse.de>
---
tools/kwbimage.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 3ca3b3b4a6..26686ad30f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
struct image_tool_params *params)
{
uint8_t checksum;
+ size_t header_size = kwbimage_header_size(ptr);
+
+ if (header_size > image_size)
+ return -FDT_ERR_BADSTRUCTURE;
if (!main_hdr_checksum_ok(ptr))
return -FDT_ERR_BADSTRUCTURE;
--
2.12.3
More information about the U-Boot
mailing list