From: Pali Rohár <pali@kernel.org>
Date: Fri, 23 Jul 2021 09:14:02 +0000 (+0200)
Subject: tools: kwbimage: Validate extended headers of v1 images
X-Git-Url: http://git.dujemihanovic.xyz/img/static/git-logo.png?a=commitdiff_plain;h=9380445f65b260ddddbf8b7a083b364b7f59970f;p=u-boot.git

tools: kwbimage: Validate extended headers of v1 images

Add basic checks for extended headers of v1 images.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Stefan Roese <sr@denx.de>
Reviewed-by: Chris Packham <judge.packham@gmail.com>
Tested-by: Chris Packham <judge.packham@gmail.com>
---

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 4d9d818538..5d017dd5ac 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1670,6 +1670,35 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
 		}
 	}
 
+	if (image_version((void *)ptr) == 1) {
+		struct main_hdr_v1 *mhdr = (struct main_hdr_v1 *)ptr;
+
+		if (mhdr->ext & 0x1) {
+			uint32_t ohdr_size;
+			struct opt_hdr_v1 *ohdr = (struct opt_hdr_v1 *)
+						  (ptr + sizeof(*mhdr));
+
+			while (1) {
+				if ((uint8_t *)ohdr + sizeof(*ohdr) >
+				    (uint8_t *)mhdr + header_size)
+					return -FDT_ERR_BADSTRUCTURE;
+
+				ohdr_size = (ohdr->headersz_msb << 16) |
+					    le16_to_cpu(ohdr->headersz_lsb);
+
+				if (ohdr_size < 8 ||
+				    (uint8_t *)ohdr + ohdr_size >
+				    (uint8_t *)mhdr + header_size)
+					return -FDT_ERR_BADSTRUCTURE;
+
+				if (!(*((uint8_t *)ohdr + ohdr_size - 4) & 0x1))
+					break;
+				ohdr = (struct opt_hdr_v1 *)((uint8_t *)ohdr +
+							     ohdr_size);
+			}
+		}
+	}
+
 	return 0;
 }