kwbimage: Fix out of bounds access
authorAlexander Graf <agraf@suse.de>
Thu, 15 Mar 2018 10:14:19 +0000 (11:14 +0100)
committerStefan Roese <sr@denx.de>
Fri, 30 Mar 2018 10:52:48 +0000 (12:52 +0200)
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.

Signed-off-by: Alexander Graf <agraf@suse.de>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
tools/kwbimage.c

index 3ca3b3b4a62f40e60d6d93fa70b2578803fa7ce2..26686ad30f98b8d5e2a39cff820c4a41c559681f 100644 (file)
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
                                  struct image_tool_params *params)
 {
        uint8_t checksum;
+       size_t header_size = kwbimage_header_size(ptr);
+
+       if (header_size > image_size)
+               return -FDT_ERR_BADSTRUCTURE;
 
        if (!main_hdr_checksum_ok(ptr))
                return -FDT_ERR_BADSTRUCTURE;