git.dujemihanovic.xyz Git - u-boot.git/commit
tools: mkimage: Use fstat instead of stat to avoid malicious hacks
author: Michal Simek <michal.simek@xilinx.com>
Tue, 6 Dec 2016 16:17:01 +0000 (17:17 +0100)
committer: Tom Rini <trini@konsulko.com>
Fri, 9 Dec 2016 13:40:23 +0000 (08:40 -0500)
commit: ebe0f53f48e8f9ecc823e533a85b05c13638c350
tree: c6497cd58e831d72f1371d99cbe099d1d35d6516
parent: 963ed6f323a89bf3132d919d6a8c48cfe89a1d1e
tools: mkimage: Use fstat instead of stat to avoid malicious hacks

The patch is fixing:
"tools: mkimage: Check if file is regular file"
(sha1: 56c7e8015509312240b1ee15f2ff74510939a45d)
which contains two issues reported by Coverity:
an unchecked return value from stat and an incorrect calling sequence where
an attack can happen between calling stat and fopen.
Using the pair in the opposite order (fopen and fstat) fixes this issue
because fstat uses the same file descriptor (FILE *).

Also fixing issue with:
"tools: mkimage: Add support for initialization table for Zynq and
ZynqMP" (sha1: 3b6460809c2a28360029c1c48247648fac4455c9)
where the file wasn't checked to be a regular file.

Reported-by: Coverity (CID: 154711, 154712)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
tools/zynqimage.c
tools/zynqmpimage.c
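
The ordering described in the commit message, as an added example that is not part of the commit or the U-Boot sources: the stat-then-fopen sequence next to the fopen-then-fstat sequence, with the return value checked and the regular-file test applied. The function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* fileno() under strict -std modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical helpers for illustration; not the code in tools/zynqimage.c
 * or tools/zynqmpimage.c. */

/* Racy ordering: stat() resolves the path once, fopen() resolves it again.
 * The path can refer to a different object by the time fopen() runs, so the
 * regular-file check says nothing certain about what gets opened. */
FILE *open_checked_by_path(const char *path)
{
	struct stat st;

	if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
		return NULL;
	return fopen(path, "r");	/* may open something stat() never saw */
}

/* Fixed ordering: open first, then fstat() the descriptor behind the FILE *.
 * The object that is checked is the object that will be read. */
FILE *open_checked_by_fd(const char *path)
{
	struct stat st;
	FILE *fp = fopen(path, "r");

	if (!fp)
		return NULL;
	/* Check fstat()'s return value: st is indeterminate on failure. */
	if (fstat(fileno(fp), &st) != 0 || !S_ISREG(st.st_mode)) {
		fclose(fp);
		return NULL;
	}
	return fp;
}
```

Both helpers return an open `FILE *` only for a regular file; the second one also rejects a directory or device that was opened successfully, closing it before returning.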