* [U-Boot] [PATCH v2] libfdt: Fix segfault when calling fit_check_format() on corrupt FIT images
From: Tom Rini @ 2014-02-26 16:32 UTC (permalink / raw)
To: u-boot
From: Jon Nalley <lists@bluebot.org>

It has been observed that fit_check_format() will fail when passed a
corrupt FIT image. This was tracked down to _fdt_string_eq():

	return (strlen(p) == len) && (memcmp(p, s, len) == 0);

In the case of a corrupt FIT image one can't depend on 'p' being NULL
terminated. I changed it to use strnlen() to fix the issue.

Signed-off-by: Tom Rini <trini@ti.com>
---
Changes in v2:
- Pass len + 1, not len to strnlen as that's the best practice for
strnlen.
---
lib/libfdt/fdt_ro.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libfdt/fdt_ro.c b/lib/libfdt/fdt_ro.c
index f2154e8..36af043 100644
--- a/lib/libfdt/fdt_ro.c
+++ b/lib/libfdt/fdt_ro.c
@@ -44,7 +44,7 @@ static int _fdt_string_eq(const void *fdt, int stroffset,
{
const char *p = fdt_string(fdt, stroffset);
- return (strlen(p) == len) && (memcmp(p, s, len) == 0);
+ return (strnlen(p, len + 1) == len) && (memcmp(p, s, len) == 0);
}
int fdt_get_mem_rsv(const void *fdt, int n, uint64_t *address, uint64_t *size)
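Review bot: the new strnlen(p, len + 1) in _fdt_string_eq() caps the scan at len + 1 bytes, but p still comes straight from fdt_string(fdt, stroffset) with no check that stroffset, or the len + 1 bytes after it, lie inside the strings block. On a corrupt image a stroffset near or past the end of the blob can still make both strnlen() and the following memcmp() read out of bounds, so the crash is narrowed rather than ruled out. Consider rejecting the comparison when stroffset or stroffset + len falls outside the strings-block size taken from the header before p is dereferenced, and add a one-line comment explaining why the bound is len + 1 (the terminator must be seen at p[len] for the lengths to match).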
--
1.7.9.5
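The comparison discussed in the patch above, written with an explicit bound on the strings block. This is an added example, not code from the patch or from libfdt; struct strtab, strtab_eq() and the sample buffer are hypothetical names, and the block size is assumed to have been read from the image header by the caller.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the FDT strings block: start address plus the
 * block size the caller has already read from the image header. */
struct strtab {
	const char *base;
	size_t size;
};

/*
 * Return 1 if the string at offset 'off' equals the len-byte name 's',
 * 0 otherwise. Never reads outside [base, base + size).
 */
static int strtab_eq(const struct strtab *t, size_t off,
		     const char *s, size_t len)
{
	const char *p;

	if (off >= t->size)
		return 0;	/* offset lies outside the block */
	if (len >= t->size - off)
		return 0;	/* no room for len bytes plus the NUL */
	p = t->base + off;
	/* Same test as strnlen(p, len + 1) == len, now known to be in bounds */
	if (memchr(p, '\0', len) != NULL || p[len] != '\0')
		return 0;
	return memcmp(p, s, len) == 0;
}

/* Constructed sample: "abc" is terminated, the trailing "de" is not. */
static const char sample[6] = { 'a', 'b', 'c', '\0', 'd', 'e' };
static const struct strtab sample_tab = { sample, sizeof(sample) };

int main(void)
{
	printf("abc@0: %d\n", strtab_eq(&sample_tab, 0, "abc", 3));
	printf("de@4:  %d\n", strtab_eq(&sample_tab, 4, "de", 2));
	printf("x@64:  %d\n", strtab_eq(&sample_tab, 64, "x", 1));
	return 0;
}
```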
* [U-Boot] [U-Boot, v2] libfdt: Fix segfault when calling fit_check_format() on corrupt FIT images
From: Tom Rini @ 2014-06-19 15:20 UTC (permalink / raw)
To: u-boot
On Wed, Feb 26, 2014 at 11:32:21AM -0500, Tom Rini wrote:
> From: Jon Nalley <lists@bluebot.org>
>
> It has been observed that fit_check_format() will fail when passed a
> corrupt FIT image. This was tracked down to _fdt_string_eq():
> return (strlen(p) == len) && (memcmp(p, s, len) == 0);
>
> In the case of a corrupt FIT image one can't depend on 'p' being NULL
> terminated. I changed it to use strnlen() to fix the issue.
>
> Signed-off-by: Tom Rini <trini@ti.com>
Applied to u-boot/master, thanks!
--
Tom