[PATCH u-boot-mvebu 4/5] tools: kwboot: Fix sending very small images

Pali Rohár pali at kernel.org
Thu Mar 23 20:57:54 CET 2023


Sending of very small images (smaller than 128 bytes = xmodem block size)
cause out-of-bound memory read access. Fix this issue by ensuring that
hdrsz when sending image is not larger than total size of the image.
Issue was introduced in commit f8017c37799c ("tools: kwboot: Fix sending
Kirkwood v0 images"). Special case when total image is smaller than header
size aligned to multiply of xmodem size is already handled since that
commit.

Fixes: f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images")
Signed-off-by: Pali Rohár <pali at kernel.org>
---
 tools/kwboot.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/kwboot.c b/tools/kwboot.c
index 23a893a9b9f8..1cf78dda6755 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -1458,6 +1458,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
 	 * followed by the header. So align header size to xmodem block size.
 	 */
 	hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
+	if (hdrsz > size)
+		hdrsz = size;
 
 	pnum = 1;
 
-- 
2.20.1



More information about the U-Boot mailing list