Message ID | 20201013063523.3653-1-christian.storm@siemens.com |
---|---|
State | Accepted |
Series | [libubootenv] uboot_env: fix infinite loop on short read (EOF) |
On 13.10.20 08:35, Christian Storm wrote: > If the U-Boot environment configuration file fw_env.config happens > to have specified a length larger than the actual file's size, the > result is an infinite loop. Hence, check read()'s return value for > being 0, meaning EOF, and return an error. > > Signed-off-by: Christian Storm <christian.storm@siemens.com> > --- > src/uboot_env.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/uboot_env.c b/src/uboot_env.c > index 84c590a..e216da7 100644 > --- a/src/uboot_env.c > +++ b/src/uboot_env.c > @@ -460,6 +460,9 @@ static int fileread(struct uboot_flash_env *dev, void *data) > while (1) { > ret = read(dev->fd, data, remaining); > > + if (ret == 0 && remaining > 0) > + return -1; > + > if (ret < 0) > break; > > Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
On 13.10.20 08:35, Christian Storm wrote: > If the U-Boot environment configuration file fw_env.config happens > to have specified a length larger than the actual file's size, the > result is an infinite loop. Hence, check read()'s return value for > being 0, meaning EOF, and return an error. > > Signed-off-by: Christian Storm <christian.storm@siemens.com> > --- > src/uboot_env.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/uboot_env.c b/src/uboot_env.c > index 84c590a..e216da7 100644 > --- a/src/uboot_env.c > +++ b/src/uboot_env.c > @@ -460,6 +460,9 @@ static int fileread(struct uboot_flash_env *dev, void *data) > while (1) { > ret = read(dev->fd, data, remaining); > > + if (ret == 0 && remaining > 0) > + return -1; > + > if (ret < 0) > break; > > Applied to -master, thanks ! Best regards, Stefano
diff --git a/src/uboot_env.c b/src/uboot_env.c index 84c590a..e216da7 100644 --- a/src/uboot_env.c +++ b/src/uboot_env.c @@ -460,6 +460,9 @@ static int fileread(struct uboot_flash_env *dev, void *data) while (1) { ret = read(dev->fd, data, remaining); + if (ret == 0 && remaining > 0) + return -1; + if (ret < 0) break;
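Review bot: the added EOF check in fileread() exits with `return -1` while the `ret < 0` branch directly below it exits with `break`, so the two failure paths leave the loop differently; if any error handling follows the loop, the EOF case bypasses it. Consider routing both through the same exit, or add a one-line comment above the check stating that `ret == 0` with `remaining > 0` means the file ended before the length configured in fw_env.config. Note also that read() returning 0 does not set errno, so a caller that reports errno after the -1 would show a stale value; setting errno before returning, or logging that the configured length exceeds the file size, would make this misconfiguration diagnosable.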
If the U-Boot environment configuration file fw_env.config happens to have specified a length larger than the actual file's size, the result is an infinite loop. Hence, check read()'s return value for being 0, meaning EOF, and return an error. Signed-off-by: Christian Storm <christian.storm@siemens.com> --- src/uboot_env.c | 3 +++ 1 file changed, 3 insertions(+)