From: Pali Rohár <p...@kernel.org>
Add basic checks for extended headers of v1 images.
Signed-off-by: Pali Rohár <p...@kernel.org>
Reviewed-by: Marek Behún <marek.be...@nic.cz>
---
tools/kwbimage.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 5192edb330..5f7cb8376a 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1668,6 +1668,34 @@ static int kwbimage_verify_header(unsigned char *ptr,
int image_size,
}
}
+ if (image_version((void *)ptr) == 1) {
+ struct main_hdr_v1 *mhdr = (struct main_hdr_v1 *)ptr;
+
+ if (mhdr->ext & 0x1) {
+ uint32_t ohdr_size;
+ struct opt_hdr_v1 *ohdr = (struct opt_hdr_v1 *)
+ (ptr + sizeof(*mhdr));
+
+ while (1) {
+ if ((uint8_t *)ohdr + sizeof(*ohdr) >
+ (uint8_t *)mhdr + header_size)
+ return -FDT_ERR_BADSTRUCTURE;
+
+ ohdr_size = (ohdr->headersz_msb << 16) |
+ le16_to_cpu(ohdr->headersz_lsb);
+
+ if ((uint8_t *)ohdr + 4 + ohdr_size + 4 >
+ (uint8_t *)mhdr + header_size)
+ return -FDT_ERR_BADSTRUCTURE;
+
+ if (!(*((uint8_t *)ohdr + 4 + ohdr_size) & 0x1))
+ break;
+ ohdr = (struct opt_hdr_v1 *)((uint8_t *)ohdr +
+ 4 + ohdr_size + 4);
+ }
+ }
+ }
+
return 0;
}
--
2.31.1
