[PATCH u-boot-mvebu 4/5] tools: kwboot: Fix sending very small images
Pali Rohár
pali at kernel.org
Thu Mar 23 20:57:54 CET 2023
Sending of very small images (smaller than 128 bytes = xmodem block size)
cause out-of-bound memory read access. Fix this issue by ensuring that
hdrsz when sending image is not larger than total size of the image.
Issue was introduced in commit f8017c37799c ("tools: kwboot: Fix sending
Kirkwood v0 images"). Special case when total image is smaller than header
size aligned to multiply of xmodem size is already handled since that
commit.
Fixes: f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images")
Signed-off-by: Pali Rohár <pali at kernel.org>
---
tools/kwboot.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/kwboot.c b/tools/kwboot.c
index 23a893a9b9f8..1cf78dda6755 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -1458,6 +1458,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
* followed by the header. So align header size to xmodem block size.
*/
hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
+ if (hdrsz > size)
+ hdrsz = size;
pnum = 1;
--
2.20.1
More information about the U-Boot
mailing list