[U-Boot] [PATCH] kwbimage: Fix out of bounds access

Michal Simek michal.simek at xilinx.com
Thu Mar 15 10:53:54 UTC 2018


On 15.3.2018 11:14, Alexander Graf wrote:
> The kwbimage format is reading beyond its header structure if it
> misdetects a Xilinx Zynq image and tries to read it. Fix it by
> sanity checking that the header we want to read fits inside our
> file size.
> 
> Signed-off-by: Alexander Graf <agraf at suse.de>
> ---
>  tools/kwbimage.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 3ca3b3b4a6..26686ad30f 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
>  				  struct image_tool_params *params)
>  {
>  	uint8_t checksum;
> +	size_t header_size = kwbimage_header_size(ptr);
> +
> +	if (header_size > image_size)
> +		return -FDT_ERR_BADSTRUCTURE;
>  
>  	if (!main_hdr_checksum_ok(ptr))
>  		return -FDT_ERR_BADSTRUCTURE;
> 

Tested-by: Michal Simek <michal.simek at xilinx.com>

Thanks,
Michal


More information about the U-Boot mailing list