From: Pali Rohár <pali@kernel.org>
Date: Wed, 11 Aug 2021 08:14:16 +0000 (+0200)
Subject: tools: kwbimage: Verify size of image data
X-Git-Tag: v2021.10~37^2~13
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a008dbaa8ce2d4142e17780177faa381fd59bb4e;p=platform%2Fkernel%2Fu-boot.git

tools: kwbimage: Verify size of image data

Part of image data is 4 byte checksum, so every image must contain at least
4 bytes. Verify it to prevent memory corruptions.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 4709c6d..f47e52f 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1745,7 +1745,7 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
 			return -FDT_ERR_BADSTRUCTURE;
 
 		size = le32_to_cpu(mhdr->blocksize);
-		if (offset + size > image_size || size % 4 != 0)
+		if (size < 4 || offset + size > image_size || size % 4 != 0)
 			return -FDT_ERR_BADSTRUCTURE;
 
 		if (image_checksum32(ptr + offset, size - 4) !=