From: Alexander Graf Date: Thu, 15 Mar 2018 10:14:19 +0000 (+0100) Subject: kwbimage: Fix out of bounds access X-Git-Tag: v2025.01-rc5-pxa1908~4620^2~19 X-Git-Url: http://git.dujemihanovic.xyz/projects?a=commitdiff_plain;h=6cd5678c45e7b684e7af88c256cdacd03a76fb1c;p=u-boot.git kwbimage: Fix out of bounds access The kwbimage format is reading beyond its header structure if it misdetects a Xilinx Zynq image and tries to read it. Fix it by sanity checking that the header we want to read fits inside our file size. Signed-off-by: Alexander Graf Tested-by: Michal Simek Reviewed-by: Stefan Roese Signed-off-by: Stefan Roese --- diff --git a/tools/kwbimage.c b/tools/kwbimage.c index 3ca3b3b4a6..26686ad30f 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size, struct image_tool_params *params) { uint8_t checksum; + size_t header_size = kwbimage_header_size(ptr); + + if (header_size > image_size) + return -FDT_ERR_BADSTRUCTURE; if (!main_hdr_checksum_ok(ptr)) return -FDT_ERR_BADSTRUCTURE;