[U-Boot] [PATCH] tools: default image: use ih_size for checking data size

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Jonas Gorski <jogo@openwrt.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH] tools: default image: use ih_size for checking data size
Date: Fri,  3 May 2013 13:37:05 +0200	[thread overview]
Message-ID: <1367581025-26740-1-git-send-email-jogo@openwrt.org> (raw)

Common image usage is uImage + appended rootfs, so the the uImage data
is only part of the total image. So read out and use the header's
ih_size field instead of the total file size.

To prevent reading over the end of the buffer, check that the image file
is big enough to contain the data before calculating its checksum.

Before:
~# mkimage -l dir665_fw_100NA.bin
mkimage: ERROR: "dir665_fw_100NA/dir665_fw_100NA.bin" has corrupted data!

After:
~# mkimage -l dir665_fw_100NA.bin
Image Name:   Linux Kernel Image
Created:      Fri Feb 12 03:38:36 2010
Image Type:   ARM Linux Kernel Image (lzma compressed)
Data Size:    1107781 Bytes = 1081.82 kB = 1.06 MB
Load Address: 00008000
Entry Point:  00008000

Signed-off-by: Jonas Gorski <jogo@openwrt.org>
---
 tools/default_image.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tools/default_image.c b/tools/default_image.c
index e9d0729..db20e53 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -86,10 +86,11 @@ static int image_verify_header(unsigned char *ptr, int image_size,
 	}
 
 	data = (const unsigned char *)ptr + sizeof(image_header_t);
-	len  = image_size - sizeof(image_header_t) ;
+	len  = be32_to_cpu(hdr->ih_size);
 
 	checksum = be32_to_cpu(hdr->ih_dcrc);
-	if (crc32(0, data, len) != checksum) {
+	if ((image_size - sizeof(image_header_t)) < len ||
+	    crc32(0, data, len) != checksum) {
 		fprintf(stderr,
 			"%s: ERROR: \"%s\" has corrupted data!\n",
 			params->cmdname, params->imagefile);
-- 
1.7.10.4

next             reply	other threads:[~2013-05-03 11:37 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-03 11:37 Jonas Gorski [this message]
2013-05-03 15:04 ` [U-Boot] [PATCH] tools: default image: use ih_size for checking data size Wolfgang Denk
2013-05-03 15:42   ` Jonas Gorski
2013-05-03 15:54     ` Wolfgang Denk
2013-05-03 16:31       ` Jonas Gorski
2013-05-03 19:13         ` Wolfgang Denk
2013-05-07 15:16 ` Peter Korsgaard

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e9d0729 dfblob:db20e53 )
 OR (
bs:"[U-Boot] [PATCH] tools: default image: use ih_size for checking data size" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1367581025-26740-1-git-send-email-jogo@openwrt.org \
    --to=jogo@openwrt.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox