From 33a0af2d8041b027cfbf6ab23c93026339aff142 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pali=20Roh=C3=A1r?= Date: Wed, 11 Aug 2021 10:14:15 +0200 Subject: [PATCH] tools: kwbimage: Verify size of v0 image header MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Check that extended image header size is not larger than file size. Signed-off-by: Pali Rohár Reviewed-by: Stefan Roese --- tools/kwbimage.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/kwbimage.c b/tools/kwbimage.c index 542779ed48..4709c6d544 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1670,6 +1670,9 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size, if (mhdr->ext & 0x1) { struct ext_hdr_v0 *ext_hdr; + if (header_size + sizeof(*ext_hdr) > image_size) + return -FDT_ERR_BADSTRUCTURE; + ext_hdr = (struct ext_hdr_v0 *) (ptr + sizeof(struct main_hdr_v0)); checksum = image_checksum8(ext_hdr, -- 2.39.5