[U-Boot] [PATCH] kwbimage: Fix out of bounds access
Michal Simek
michal.simek at xilinx.com
Thu Mar 15 10:53:54 UTC 2018
On 15.3.2018 11:14, Alexander Graf wrote:
> The kwbimage format is reading beyond its header structure if it
> misdetects a Xilinx Zynq image and tries to read it. Fix it by
> sanity checking that the header we want to read fits inside our
> file size.
>
> Signed-off-by: Alexander Graf <agraf at suse.de>
> ---
> tools/kwbimage.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 3ca3b3b4a6..26686ad30f 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
> struct image_tool_params *params)
> {
> uint8_t checksum;
> + size_t header_size = kwbimage_header_size(ptr);
> +
> + if (header_size > image_size)
> + return -FDT_ERR_BADSTRUCTURE;
>
> if (!main_hdr_checksum_ok(ptr))
> return -FDT_ERR_BADSTRUCTURE;
>
Tested-by: Michal Simek <michal.simek at xilinx.com>
Thanks,
Michal
More information about the U-Boot
mailing list