[PATCH 3/4] tools: kwbimage: Verify size of image data

Stefan Roese sr at denx.de
Wed Aug 11 16:19:18 CEST 2021


On 11.08.21 10:14, Pali Rohár wrote:
> Part of image data is 4 byte checksum, so every image must contain at least
> 4 bytes. Verify it to prevent memory corruptions.
> 
> Signed-off-by: Pali Rohár <pali at kernel.org>

Reviewed-by: Stefan Roese <sr at denx.de>

Thanks,
Stefan

> ---
>   tools/kwbimage.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 84c41210e39e..5ac34ac5e9c8 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1757,7 +1757,7 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
>   			return -FDT_ERR_BADSTRUCTURE;
>   
>   		size = le32_to_cpu(mhdr->blocksize);
> -		if (offset + size > image_size || size % 4 != 0)
> +		if (size < 4 || offset + size > image_size || size % 4 != 0)
>   			return -FDT_ERR_BADSTRUCTURE;
>   
>   		if (image_checksum32(ptr + offset, size - 4) !=
> 


Viele Grüße,
Stefan

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr at denx.de


More information about the U-Boot mailing list