[PATCH 3/4] tools: kwbimage: Verify size of image data
Stefan Roese
sr at denx.de
Wed Aug 11 16:19:18 CEST 2021
On 11.08.21 10:14, Pali Rohár wrote:
> Part of image data is 4 byte checksum, so every image must contain at least
> 4 bytes. Verify it to prevent memory corruptions.
>
> Signed-off-by: Pali Rohár <pali at kernel.org>
Reviewed-by: Stefan Roese <sr at denx.de>
Thanks,
Stefan
> ---
> tools/kwbimage.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 84c41210e39e..5ac34ac5e9c8 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1757,7 +1757,7 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
> return -FDT_ERR_BADSTRUCTURE;
>
> size = le32_to_cpu(mhdr->blocksize);
> - if (offset + size > image_size || size % 4 != 0)
> + if (size < 4 || offset + size > image_size || size % 4 != 0)
> return -FDT_ERR_BADSTRUCTURE;
>
> if (image_checksum32(ptr + offset, size - 4) !=
>
Viele Grüße,
Stefan
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr at denx.de
More information about the U-Boot
mailing list