From 9380445f65b260ddddbf8b7a083b364b7f59970f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pali=20Roh=C3=A1r?= Date: Fri, 23 Jul 2021 11:14:02 +0200 Subject: [PATCH] tools: kwbimage: Validate extended headers of v1 images MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Add basic checks for extended headers of v1 images. Signed-off-by: Pali Rohár Reviewed-by: Marek Behún Reviewed-by: Stefan Roese Reviewed-by: Chris Packham Tested-by: Chris Packham --- tools/kwbimage.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/tools/kwbimage.c b/tools/kwbimage.c index 4d9d818538..5d017dd5ac 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1670,6 +1670,35 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size, } } + if (image_version((void *)ptr) == 1) { + struct main_hdr_v1 *mhdr = (struct main_hdr_v1 *)ptr; + + if (mhdr->ext & 0x1) { + uint32_t ohdr_size; + struct opt_hdr_v1 *ohdr = (struct opt_hdr_v1 *) + (ptr + sizeof(*mhdr)); + + while (1) { + if ((uint8_t *)ohdr + sizeof(*ohdr) > + (uint8_t *)mhdr + header_size) + return -FDT_ERR_BADSTRUCTURE; + + ohdr_size = (ohdr->headersz_msb << 16) | + le16_to_cpu(ohdr->headersz_lsb); + + if (ohdr_size < 8 || + (uint8_t *)ohdr + ohdr_size > + (uint8_t *)mhdr + header_size) + return -FDT_ERR_BADSTRUCTURE; + + if (!(*((uint8_t *)ohdr + ohdr_size - 4) & 0x1)) + break; + ohdr = (struct opt_hdr_v1 *)((uint8_t *)ohdr + + ohdr_size); + } + } + } + return 0; } -- 2.39.5