* [U-Boot] [PATCH] kwbimage: Fix out of bounds access
@ 2018-03-15 10:14 Alexander Graf
2018-03-15 10:53 ` Michal Simek
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Alexander Graf @ 2018-03-15 10:14 UTC (permalink / raw)
To: u-boot
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.
Signed-off-by: Alexander Graf <agraf@suse.de>
---
tools/kwbimage.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 3ca3b3b4a6..26686ad30f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
struct image_tool_params *params)
{
uint8_t checksum;
+ size_t header_size = kwbimage_header_size(ptr);
+
+ if (header_size > image_size)
+ return -FDT_ERR_BADSTRUCTURE;
if (!main_hdr_checksum_ok(ptr))
return -FDT_ERR_BADSTRUCTURE;
--
2.12.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH] kwbimage: Fix out of bounds access
2018-03-15 10:14 [U-Boot] [PATCH] kwbimage: Fix out of bounds access Alexander Graf
@ 2018-03-15 10:53 ` Michal Simek
2018-03-20 11:01 ` Stefan Roese
2018-03-30 14:09 ` Stefan Roese
2 siblings, 0 replies; 4+ messages in thread
From: Michal Simek @ 2018-03-15 10:53 UTC (permalink / raw)
To: u-boot
On 15.3.2018 11:14, Alexander Graf wrote:
> The kwbimage format is reading beyond its header structure if it
> misdetects a Xilinx Zynq image and tries to read it. Fix it by
> sanity checking that the header we want to read fits inside our
> file size.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
> tools/kwbimage.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 3ca3b3b4a6..26686ad30f 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
> struct image_tool_params *params)
> {
> uint8_t checksum;
> + size_t header_size = kwbimage_header_size(ptr);
> +
> + if (header_size > image_size)
> + return -FDT_ERR_BADSTRUCTURE;
>
> if (!main_hdr_checksum_ok(ptr))
> return -FDT_ERR_BADSTRUCTURE;
>
Tested-by: Michal Simek <michal.simek@xilinx.com>
Thanks,
Michal
^ permalink raw reply [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH] kwbimage: Fix out of bounds access
2018-03-15 10:14 [U-Boot] [PATCH] kwbimage: Fix out of bounds access Alexander Graf
2018-03-15 10:53 ` Michal Simek
@ 2018-03-20 11:01 ` Stefan Roese
2018-03-30 14:09 ` Stefan Roese
2 siblings, 0 replies; 4+ messages in thread
From: Stefan Roese @ 2018-03-20 11:01 UTC (permalink / raw)
To: u-boot
On 15.03.2018 11:14, Alexander Graf wrote:
> The kwbimage format is reading beyond its header structure if it
> misdetects a Xilinx Zynq image and tries to read it. Fix it by
> sanity checking that the header we want to read fits inside our
> file size.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
> tools/kwbimage.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 3ca3b3b4a6..26686ad30f 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
> struct image_tool_params *params)
> {
> uint8_t checksum;
> + size_t header_size = kwbimage_header_size(ptr);
> +
> + if (header_size > image_size)
> + return -FDT_ERR_BADSTRUCTURE;
>
> if (!main_hdr_checksum_ok(ptr))
> return -FDT_ERR_BADSTRUCTURE;
>
Reviewed-by: Stefan Roese <sr@denx.de>
Thanks,
Stefan
^ permalink raw reply [flat|nested] 4+ messages in thread
* [U-Boot] [PATCH] kwbimage: Fix out of bounds access
2018-03-15 10:14 [U-Boot] [PATCH] kwbimage: Fix out of bounds access Alexander Graf
2018-03-15 10:53 ` Michal Simek
2018-03-20 11:01 ` Stefan Roese
@ 2018-03-30 14:09 ` Stefan Roese
2 siblings, 0 replies; 4+ messages in thread
From: Stefan Roese @ 2018-03-30 14:09 UTC (permalink / raw)
To: u-boot
On 15.03.2018 11:14, Alexander Graf wrote:
> The kwbimage format is reading beyond its header structure if it
> misdetects a Xilinx Zynq image and tries to read it. Fix it by
> sanity checking that the header we want to read fits inside our
> file size.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
> tools/kwbimage.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 3ca3b3b4a6..26686ad30f 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
> struct image_tool_params *params)
> {
> uint8_t checksum;
> + size_t header_size = kwbimage_header_size(ptr);
> +
> + if (header_size > image_size)
> + return -FDT_ERR_BADSTRUCTURE;
>
> if (!main_hdr_checksum_ok(ptr))
> return -FDT_ERR_BADSTRUCTURE;
>
Applied to u-boot-marvell/master.
Thanks,
Stefan
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-03-30 14:09 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-15 10:14 [U-Boot] [PATCH] kwbimage: Fix out of bounds access Alexander Graf
2018-03-15 10:53 ` Michal Simek
2018-03-20 11:01 ` Stefan Roese
2018-03-30 14:09 ` Stefan Roese
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.