git.dujemihanovic.xyz Git - u-boot.git/commit
tools: mkimage: Use fstat instead of stat to avoid malicious hacks
author Michal Simek <michal.simek@xilinx.com>
Tue, 6 Dec 2016 15:38:13 +0000 (16:38 +0100)
committer Michal Simek <michal.simek@xilinx.com>
Thu, 8 Dec 2016 08:23:48 +0000 (09:23 +0100)
commit 37a2cf6f1af0379c447ec4b6e321a3600492484c
tree 231dc13a29a36f3a8860b0259b39cb89a486b31e
parent 8814c0385356b02bf9a55b2e8388301b85f28067
tools: mkimage: Use fstat instead of stat to avoid malicious hacks

The patch is fixing:
"tools: mkimage: Check if file is regular file"
(sha1: 56c7e8015509312240b1ee15f2ff74510939a45d)
which contains two issues reported by Coverity:
Unchecked return value from stat and incorrect calling sequence where
an attack can happen between calling stat and fopen.
Using the pair in the opposite order (fopen and fstat) is fixing this issue
because fstat is using the same file descriptor (FILE *).

Also fixing issue with:
"tools: mkimage: Add support for initialization table for Zynq and
ZynqMP" (sha1: 3b6460809c2a28360029c1c48247648fac4455c9)
where the file wasn't checked to be a regular file.

Reported-by: Coverity (CID: 154711, 154712)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Series-to: trini
Series-cc: u-boot
tools/zynqimage.c
tools/zynqmpimage.c
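
The ordering the commit message describes, shown as an added C example (this is not the code from tools/zynqimage.c or tools/zynqmpimage.c). The function names `open_checked_racy` and `open_regular_file` are hypothetical; the first keeps the stat-then-fopen order that Coverity flagged, the second opens first and checks the open descriptor.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* fileno(), fstat(), mkstemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Flagged order: the path is resolved twice, so the object that stat()
 * inspected need not be the object that fopen() opens afterwards. */
FILE *open_checked_racy(const char *path)
{
	struct stat st;

	if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
		return NULL;
	/* window: the path can be replaced between the two calls */
	return fopen(path, "r");
}

/* Fixed order: open once, then fstat() the descriptor behind the stream,
 * so the type check applies to the object that is actually open. */
FILE *open_regular_file(const char *path)
{
	struct stat st;
	FILE *fp = fopen(path, "r");

	if (!fp)
		return NULL;
	/* fstat() return value is checked; a non-regular file is rejected */
	if (fstat(fileno(fp), &st) != 0 || !S_ISREG(st.st_mode)) {
		fclose(fp);
		return NULL;
	}
	return fp;
}

int main(int argc, char **argv)
{
	FILE *fp = argc > 1 ? open_regular_file(argv[1]) : NULL;

	if (!fp) {
		fprintf(stderr, "not a readable regular file\n");
		return EXIT_FAILURE;
	}
	puts("regular file opened");
	fclose(fp);
	return EXIT_SUCCESS;
}
```

Because the check runs after the open, a path naming a FIFO makes `fopen()` block until a writer appears; the rejection only happens once the open returns.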