env: Crash in 'env import' when using checksum and a specific size

This patch adds a sanity check that avoids 'size' to overflow and crash when
importing an environment that contains a checksum. Example with the wrong size
that causes the crash:

=> env import -c 0x4100000 3 v1

This assumes that v1 has already been successfully exported with
'env export -c -s 0x100 0x4100000 v1'

Signed-off-by: Pedro Aguilar <pedro.aguilar@vimar.com>

diff --git a/cmd/nvedit.c b/cmd/nvedit.c
index d188c6aa6b73a3d16463e0b01c253e4598f1b32e..9f145dd2846e21524a2bb10641907187f139d21b 100644 (file)
--- a/cmd/nvedit.c
+++ b/cmd/nvedit.c
@@ -1171,6 +1171,11 @@ static int do_env_import(struct cmd_tbl *cmdtp, int flag,
                uint32_t crc;
                env_t *ep = (env_t *)ptr;
 
+               if (size <= offsetof(env_t, data)) {
+                       printf("## Error: Invalid size 0x%zX\n", size);
+                       return 1;
+               }
+
                size -= offsetof(env_t, data);
                memcpy(&crc, &ep->crc, sizeof(crc));