11 Aug
2021
11 Aug
'21
4:19 p.m.
On 11.08.21 10:14, Pali Rohár wrote:
Part of image data is 4 byte checksum, so every image must contain at least 4 bytes. Verify it to prevent memory corruptions.
Signed-off-by: Pali Rohár pali@kernel.org
Reviewed-by: Stefan Roese sr@denx.de
Thanks, Stefan
tools/kwbimage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/kwbimage.c b/tools/kwbimage.c index 84c41210e39e..5ac34ac5e9c8 100644 --- a/tools/kwbimage.c +++ b/tools/kwbimage.c @@ -1757,7 +1757,7 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size, return -FDT_ERR_BADSTRUCTURE;
size = le32_to_cpu(mhdr->blocksize);
if (offset + size > image_size || size % 4 != 0)
if (size < 4 || offset + size > image_size || size % 4 != 0) return -FDT_ERR_BADSTRUCTURE;if (image_checksum32(ptr + offset, size - 4) !=
Viele Grüße, Stefan
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-51 Fax: (+49)-8142-66989-80 Email: sr@denx.de