kwbimage: Fix out of bounds access

The kwbimage format is reading beyond its header structure if it misdetects a Xilinx Zynq image and tries to read it. Fix it by sanity checking that the header we want to read fits inside our file size. Signed-off-by: Alexander Graf <agraf@suse.de> Tested-by: Michal Simek <michal.simek@xilinx.com> Reviewed-by: Stefan Roese <sr@denx.de> Signed-off-by: Stefan Roese <sr@denx.de>
author: Alexander Graf <agraf@suse.de> 2018-03-15 11:14:19 +0100
committer: Stefan Roese <sr@denx.de> 2018-03-30 12:52:48 +0200
commit: 6cd5678c45e7b684e7af88c256cdacd03a76fb1c (patch)
tree: ccca6ff3c9f538a804054b7dae0880fccb6657c6 /tools
parent: bc8cb152d8fbea100023917c285129a6d9ccc3ba (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 3ca3b3b4a6..26686ad30f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
 				  struct image_tool_params *params)
 {
 	uint8_t checksum;
+	size_t header_size = kwbimage_header_size(ptr);
+
+	if (header_size > image_size)
+		return -FDT_ERR_BADSTRUCTURE;
 
 	if (!main_hdr_checksum_ok(ptr))
 		return -FDT_ERR_BADSTRUCTURE;
author	Alexander Graf <agraf@suse.de>	2018-03-15 11:14:19 +0100
committer	Stefan Roese <sr@denx.de>	2018-03-30 12:52:48 +0200
commit	6cd5678c45e7b684e7af88c256cdacd03a76fb1c (patch)
tree	ccca6ff3c9f538a804054b7dae0880fccb6657c6 /tools
parent	bc8cb152d8fbea100023917c285129a6d9ccc3ba (diff)