From patchwork Mon Dec 23 19:43:28 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aaro Koskinen X-Patchwork-Id: 304840 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 30BC62C00A5 for ; Tue, 24 Dec 2013 06:44:02 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750933Ab3LWTn6 (ORCPT ); Mon, 23 Dec 2013 14:43:58 -0500 Received: from filtteri1.pp.htv.fi ([213.243.153.184]:48396 "EHLO filtteri1.pp.htv.fi" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757624Ab3LWTnx (ORCPT ); Mon, 23 Dec 2013 14:43:53 -0500 Received: from localhost (localhost [127.0.0.1]) by filtteri1.pp.htv.fi (Postfix) with ESMTP id 6B00921B836; Mon, 23 Dec 2013 21:43:52 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at pp.htv.fi Received: from smtp5.welho.com ([213.243.153.39]) by localhost (filtteri1.pp.htv.fi [213.243.153.184]) (amavisd-new, port 10024) with ESMTP id TcToXN-ovrHo; Mon, 23 Dec 2013 21:43:47 +0200 (EET) Received: from blackmetal.bb.dnainternet.fi (91-145-91-118.bb.dnainternet.fi [91.145.91.118]) by smtp5.welho.com (Postfix) with ESMTP id 7BB5D5BC00C; Mon, 23 Dec 2013 21:43:47 +0200 (EET) From: Aaro Koskinen To: sparclinux@vger.kernel.org Cc: Aaro Koskinen Subject: [PATCH v2 06/11] tilo: sanity check image sizes Date: Mon, 23 Dec 2013 21:43:28 +0200 Message-Id: <1387827813-8279-7-git-send-email-aaro.koskinen@iki.fi> X-Mailer: git-send-email 1.8.5.1 In-Reply-To: <1387827813-8279-1-git-send-email-aaro.koskinen@iki.fi> References: <1387827813-8279-1-git-send-email-aaro.koskinen@iki.fi> Sender: sparclinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: sparclinux@vger.kernel.org Sanity check image sizes to prevent buffer overflow. Signed-off-by: Aaro Koskinen --- tilo/maketilo.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tilo/maketilo.c b/tilo/maketilo.c index 30eaef4c2868..6bc2f767fcb6 100644 --- a/tilo/maketilo.c +++ b/tilo/maketilo.c @@ -53,6 +53,14 @@ int root_tweak (char *s) return p ? (p + 32 + 0x1fff) & ~0x1fff : 0; /* add 32 bytes and round to 8 KB */ } +static void check_size (char const *name, int len, int pos, int max) +{ + if (max - pos < len) { + fprintf (stderr, "%s will not fit into the image.\n", name); + exit (EXIT_FAILURE); + } +} + int main (int argc, char **argv) { int i,len,rootlen; @@ -177,6 +185,8 @@ int main (int argc, char **argv) fseek (f, 0, SEEK_END); len = ftell (f); fseek (f, 0, SEEK_SET); + check_size (sun4_kernel, sun4_kernel_start - output_buffer, len, + MAX_BOOT_LEN); fread (sun4_kernel_start, 1, len, f); fclose (f); } else @@ -194,6 +204,8 @@ int main (int argc, char **argv) fseek (f, 0, SEEK_END); len = ftell (f); fseek (f, 0, SEEK_SET); + check_size (sun4c_kernel, sun4c_kernel_start - output_buffer, + len, MAX_BOOT_LEN); fread (sun4c_kernel_start, 1, len, f); fclose (f); } else @@ -211,6 +223,8 @@ int main (int argc, char **argv) fseek (f, 0, SEEK_END); len = ftell (f); fseek (f, 0, SEEK_SET); + check_size (sun4u_kernel, sun4u_kernel_start - output_buffer, + len, MAX_BOOT_LEN); fread (sun4u_kernel_start, 1, len, f); fclose (f); } else @@ -219,6 +233,8 @@ int main (int argc, char **argv) root_image_start = sun4u_kernel_start + len; if (root_image) { + check_size (root_image, root_image_start - output_buffer, len, + MAX_BOOT_LEN); fread (root_image_start, 1, rootlen, g); fclose (g); }