Re: [U-Boot] [PATCH] kwbimage: Fix out of bounds access

2018-03-30 Thread Stefan Roese

On 15.03.2018 11:14, Alexander Graf wrote:

The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.

Signed-off-by: Alexander Graf 
---
  tools/kwbimage.c | 4 
  1 file changed, 4 insertions(+)

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 3ca3b3b4a6..26686ad30f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, 
int image_size,
  struct image_tool_params *params)
  {
uint8_t checksum;
+   size_t header_size = kwbimage_header_size(ptr);
+
+   if (header_size > image_size)
+   return -FDT_ERR_BADSTRUCTURE;
  
  	if (!main_hdr_checksum_ok(ptr))

return -FDT_ERR_BADSTRUCTURE;
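Review bot: the comparison `header_size > image_size` mixes a size_t with the int parameter image_size, so image_size is converted to unsigned and a negative value turns into a very large one that lets the check pass. Rejecting negative sizes first and comparing in one type avoids that, for example `if (image_size < 0 || header_size > (size_t)image_size)`.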



Applied to u-boot-marvell/master.

Thanks,
Stefan
___
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot


Re: [U-Boot] [PATCH] kwbimage: Fix out of bounds access

2018-03-20 Thread Stefan Roese

On 15.03.2018 11:14, Alexander Graf wrote:

The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.

Signed-off-by: Alexander Graf 
---
  tools/kwbimage.c | 4 
  1 file changed, 4 insertions(+)

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 3ca3b3b4a6..26686ad30f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, 
int image_size,
  struct image_tool_params *params)
  {
uint8_t checksum;
+   size_t header_size = kwbimage_header_size(ptr);
+
+   if (header_size > image_size)
+   return -FDT_ERR_BADSTRUCTURE;
  
  	if (!main_hdr_checksum_ok(ptr))

return -FDT_ERR_BADSTRUCTURE;



Reviewed-by: Stefan Roese 

Thanks,
Stefan


Re: [U-Boot] [PATCH] kwbimage: Fix out of bounds access

2018-03-15 Thread Michal Simek
On 15.3.2018 11:14, Alexander Graf wrote:
> The kwbimage format is reading beyond its header structure if it
> misdetects a Xilinx Zynq image and tries to read it. Fix it by
> sanity checking that the header we want to read fits inside our
> file size.
> 
> Signed-off-by: Alexander Graf 
> ---
>  tools/kwbimage.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/kwbimage.c b/tools/kwbimage.c
> index 3ca3b3b4a6..26686ad30f 100644
> --- a/tools/kwbimage.c
> +++ b/tools/kwbimage.c
> @@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, 
> int image_size,
> struct image_tool_params *params)
>  {
>   uint8_t checksum;
> + size_t header_size = kwbimage_header_size(ptr);
> +
> + if (header_size > image_size)
> + return -FDT_ERR_BADSTRUCTURE;
>  
>   if (!main_hdr_checksum_ok(ptr))
>   return -FDT_ERR_BADSTRUCTURE;
> 
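Review bot: kwbimage_header_size(ptr) in the new initializer runs before image_size has been compared with anything, so for a very short file the header fields it consults to compute the size may themselves lie past the end of the buffer. A preliminary check that image_size covers at least the fixed main header, placed ahead of this call, would close that remaining gap.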

Tested-by: Michal Simek 

Thanks,
Michal


[U-Boot] [PATCH] kwbimage: Fix out of bounds access

2018-03-15 Thread Alexander Graf
The kwbimage format is reading beyond its header structure if it
misdetects a Xilinx Zynq image and tries to read it. Fix it by
sanity checking that the header we want to read fits inside our
file size.

Signed-off-by: Alexander Graf 
---
 tools/kwbimage.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 3ca3b3b4a6..26686ad30f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1616,6 +1616,10 @@ static int kwbimage_verify_header(unsigned char *ptr, 
int image_size,
  struct image_tool_params *params)
 {
uint8_t checksum;
+   size_t header_size = kwbimage_header_size(ptr);
+
+   if (header_size > image_size)
+   return -FDT_ERR_BADSTRUCTURE;
 
if (!main_hdr_checksum_ok(ptr))
return -FDT_ERR_BADSTRUCTURE;
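Review bot: the new early return carries no comment and returns the same -FDT_ERR_BADSTRUCTURE as the checksum failure right below it, so the reason for the check lives only in the commit message. A one-line comment above `if (header_size > image_size)` stating that it rejects files smaller than the header size they declare (the misdetected-image case) would keep that context in the source.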
-- 
2.12.3
