kwbimage: Fix out of bounds access

The kwbimage format is reading beyond its header structure if it misdetects a Xilinx Zynq image and tries to read it. Fix it by sanity checking that the header we want to read fits inside our file size. Signed-off-by: N Alexander Graf <agraf@suse.de> Tested-by: N Michal Simek <michal.simek@xilinx.com> Reviewed-by: N Stefan Roese <sr@denx.de> Signed-off-by: N Stefan Roese <sr@denx.de>

kwbimage: Fix out of bounds access
The kwbimage format is reading beyond its header structure if it misdetects a Xilinx Zynq image and tries to read it. Fix it by sanity checking that the header we want to read fits inside our file size. Signed-off-by: N Alexander Graf <agraf@suse.de> Tested-by: N Michal Simek <michal.simek@xilinx.com> Reviewed-by: N Stefan Roese <sr@denx.de> Signed-off-by: N Stefan Roese <sr@denx.de>
6cd5678c · Alexander Graf · Stefan Roese · bc8cb152 · 6cd5678c
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

tools/kwbimage.c tools/kwbimage.c +4 -0

未找到文件。
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
 				  struct image_tool_params *params)
 {
 	uint8_t checksum;
+	size_t header_size = kwbimage_header_size(ptr);
+
+	if (header_size > image_size)
+		return -FDT_ERR_BADSTRUCTURE;

 	if (!main_hdr_checksum_ok(ptr))
 		return -FDT_ERR_BADSTRUCTURE;