[PATCH u-boot-mvebu 4/5] tools: kwboot: Fix sending very small images

Stefan Roese sr at denx.de
Fri Mar 24 09:23:40 CET 2023


On 3/23/23 20:57, Pali Rohár wrote:
> Sending of very small images (smaller than 128 bytes = xmodem block size)
> cause out-of-bound memory read access. Fix this issue by ensuring that
> hdrsz when sending image is not larger than total size of the image.
> Issue was introduced in commit f8017c37799c ("tools: kwboot: Fix sending
> Kirkwood v0 images"). Special case when total image is smaller than header
> size aligned to multiply of xmodem size is already handled since that
> commit.
> 
> Fixes: f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images")
> Signed-off-by: Pali Rohár <pali at kernel.org>

Reviewed-by: Stefan Roese <sr at denx.de>

Thanks,
Stefan

> ---
>   tools/kwboot.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/tools/kwboot.c b/tools/kwboot.c
> index 23a893a9b9f8..1cf78dda6755 100644
> --- a/tools/kwboot.c
> +++ b/tools/kwboot.c
> @@ -1458,6 +1458,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
>   	 * followed by the header. So align header size to xmodem block size.
>   	 */
>   	hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
> +	if (hdrsz > size)
> +		hdrsz = size;
>   
>   	pnum = 1;
>   

Viele Grüße,
Stefan Roese

-- 
DENX Software Engineering GmbH,      Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr at denx.de


More information about the U-Boot mailing list