Message ID | b533e114df73cd8180ec4ab55102be7baf21816a.1482224309.git.michal.simek@xilinx.com |
---|---|
State | Accepted |
Commit | ac71d4103e94f943a83e9905b0c7c9d3deff54df |
Delegated to: | Tom Rini |
Headers | show |
On 20 December 2016 at 21:58, Michal Simek <michal.simek@xilinx.com> wrote: > This patch is fixing missing fclose() calls > in error patch introduced by: > "tools: mkimage: Use fstat instead of stat to avoid malicious hacks" > (sha1: ebe0f53f48e8f9ecc823e533a85b05c13638c350) > > Reported-by: Coverity (CID: 155064, 155065) > Signed-off-by: Michal Simek <michal.simek@xilinx.com> > --- > > tools/zynqimage.c | 8 ++++++-- > tools/zynqmpimage.c | 8 ++++++-- > 2 files changed, 12 insertions(+), 4 deletions(-) > Reviewed-by: Simon Glass <sjg@chromium.org> Either patch is fine.
On Tue, Dec 20, 2016 at 09:58:31AM +0100, Michal Simek wrote: > This patch is fixing missing fclose() calls > in error patch introduced by: > "tools: mkimage: Use fstat instead of stat to avoid malicious hacks" > (sha1: ebe0f53f48e8f9ecc823e533a85b05c13638c350) > > Reported-by: Coverity (CID: 155064, 155065) > Signed-off-by: Michal Simek <michal.simek@xilinx.com> > Reviewed-by: Simon Glass <sjg@chromium.org> Applied to u-boot/master, thanks!
diff --git a/tools/zynqimage.c b/tools/zynqimage.c index b47132b02a60..021d2d3fc91f 100644 --- a/tools/zynqimage.c +++ b/tools/zynqimage.c @@ -239,11 +239,15 @@ static void zynqimage_parse_initparams(struct zynq_header *zynqhdr, } err = fstat(fileno(fp), &path_stat); - if (err) + if (err) { + fclose(fp); return; + } - if (!S_ISREG(path_stat.st_mode)) + if (!S_ISREG(path_stat.st_mode)) { + fclose(fp); return; + } do { r = fscanf(fp, "%x %x", ®init.address, ®init.data); diff --git a/tools/zynqmpimage.c b/tools/zynqmpimage.c index 60d8ed23b4a1..0c9a3daddd6a 100644 --- a/tools/zynqmpimage.c +++ b/tools/zynqmpimage.c @@ -251,11 +251,15 @@ static void zynqmpimage_parse_initparams(struct zynqmp_header *zynqhdr, } err = fstat(fileno(fp), &path_stat); - if (err) + if (err) { + fclose(fp); return; + } - if (!S_ISREG(path_stat.st_mode)) + if (!S_ISREG(path_stat.st_mode)) { + fclose(fp); return; + } do { r = fscanf(fp, "%x %x", ®init.address, ®init.data);
This patch is fixing missing fclose() calls in error patch introduced by: "tools: mkimage: Use fstat instead of stat to avoid malicious hacks" (sha1: ebe0f53f48e8f9ecc823e533a85b05c13638c350) Reported-by: Coverity (CID: 155064, 155065) Signed-off-by: Michal Simek <michal.simek@xilinx.com> --- tools/zynqimage.c | 8 ++++++-- tools/zynqmpimage.c | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-)