From bb949e1da02b1744645e0c3a46fe9c2a67197fe8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Pali=20Roh=C3=A1r?= Date: Thu, 23 Mar 2023 20:57:54 +0100 Subject: [PATCH] tools: kwboot: Fix sending very small images MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Sending of very small images (smaller than 128 bytes = xmodem block size) cause out-of-bound memory read access. Fix this issue by ensuring that hdrsz when sending image is not larger than total size of the image. Issue was introduced in commit f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images"). Special case when total image is smaller than header size aligned to multiply of xmodem size is already handled since that commit. Fixes: f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images") Signed-off-by: Pali Rohár Reviewed-by: Stefan Roese --- tools/kwboot.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/kwboot.c b/tools/kwboot.c index 61a9c3065a..dc69063600 100644 --- a/tools/kwboot.c +++ b/tools/kwboot.c @@ -1455,6 +1455,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate) * followed by the header. So align header size to xmodem block size. */ hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ; + if (hdrsz > size) + hdrsz = size; pnum = 1; -- 2.39.5