From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 37CD9C74A5B for ; Thu, 23 Mar 2023 19:58:53 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id CAE6E85780; Thu, 23 Mar 2023 20:58:41 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="UoI7vkx1"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 17A3A85867; Thu, 23 Mar 2023 20:58:36 +0100 (CET) Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 29DA8858AB for ; Thu, 23 Mar 2023 20:58:32 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=pali@kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id BE88FB82242; Thu, 23 Mar 2023 19:58:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5A0AFC433EF; Thu, 23 Mar 2023 19:58:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1679601510; bh=NVDvqfGs0NYlPZG3LI71lRCgcTuRoyk2LqtIcp7a+SY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UoI7vkx1gO8Nu+zbtvTUHteOu0SVuXv1FF20xfmJtGo8BPSSRHvZPvXDEUi0iO5Tb 6UyLYJvEbUCS8KXiqplASNmmeePkoBUuEbWPMfK6A06mt1bSTd2aenAX+nTZBwtCx9 SVetHjh/xex654G+zGYMf0qbUqJ5u+4WsO8YotCBfMxccj20DvR3W1eVaS/waMq63q Ap+i8+V7A9guVr7TngCFsV/43C7UN3rsfWzSJG/lcNniCxaeccLRAl7189ziF0j36R 6+anPxJPtn3De1sVZQS7ToHWvz3eaKvaPDu1GlDAOXGb9cUUrOJfn382E7lZEfGur0 qn3KRKOyyEKnQ== Received: by pali.im (Postfix) id DD99023F6; Thu, 23 Mar 2023 20:58:27 +0100 (CET) From: =?UTF-8?q?Pali=20Roh=C3=A1r?= To: Stefan Roese , Martin Rowe Cc: u-boot@lists.denx.de Subject: [PATCH u-boot-mvebu 4/5] tools: kwboot: Fix sending very small images Date: Thu, 23 Mar 2023 20:57:54 +0100 Message-Id: <20230323195755.5131-5-pali@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230323195755.5131-1-pali@kernel.org> References: <20230323195755.5131-1-pali@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean Sending of very small images (smaller than 128 bytes = xmodem block size) cause out-of-bound memory read access. Fix this issue by ensuring that hdrsz when sending image is not larger than total size of the image. Issue was introduced in commit f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images"). Special case when total image is smaller than header size aligned to multiply of xmodem size is already handled since that commit. Fixes: f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images") Signed-off-by: Pali Rohár --- tools/kwboot.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/kwboot.c b/tools/kwboot.c index 23a893a9b9f8..1cf78dda6755 100644 --- a/tools/kwboot.c +++ b/tools/kwboot.c @@ -1458,6 +1458,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate) * followed by the header. So align header size to xmodem block size. */ hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ; + if (hdrsz > size) + hdrsz = size; pnum = 1; -- 2.20.1