[PATCH u-boot-mvebu 4/5] tools: kwboot: Fix sending very small images
Stefan Roese
sr at denx.de
Fri Mar 24 09:23:40 CET 2023
On 3/23/23 20:57, Pali Rohár wrote:
> Sending of very small images (smaller than 128 bytes = xmodem block size)
> cause out-of-bound memory read access. Fix this issue by ensuring that
> hdrsz when sending image is not larger than total size of the image.
> Issue was introduced in commit f8017c37799c ("tools: kwboot: Fix sending
> Kirkwood v0 images"). Special case when total image is smaller than header
> size aligned to multiply of xmodem size is already handled since that
> commit.
>
> Fixes: f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images")
> Signed-off-by: Pali Rohár <pali at kernel.org>
Reviewed-by: Stefan Roese <sr at denx.de>
Thanks,
Stefan
> ---
> tools/kwboot.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tools/kwboot.c b/tools/kwboot.c
> index 23a893a9b9f8..1cf78dda6755 100644
> --- a/tools/kwboot.c
> +++ b/tools/kwboot.c
> @@ -1458,6 +1458,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
> * followed by the header. So align header size to xmodem block size.
> */
> hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
> + if (hdrsz > size)
> + hdrsz = size;
>
> pnum = 1;
>
Viele Grüße,
Stefan Roese
--
DENX Software Engineering GmbH, Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr at denx.de
More information about the U-Boot
mailing list