From patchwork Fri May 3 11:37:05 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonas Gorski X-Patchwork-Id: 241306 X-Patchwork-Delegate: wd@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id C20A32C00CA for ; Fri, 3 May 2013 22:40:31 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 4319B4A338; Fri, 3 May 2013 14:40:28 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9nYOrnudMdL0; Fri, 3 May 2013 14:40:28 +0200 (CEST) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id ADB304A33A; Fri, 3 May 2013 14:39:55 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 711684A311 for ; Fri, 3 May 2013 13:42:46 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q5O1ceKo0emp for ; Fri, 3 May 2013 13:42:40 +0200 (CEST) X-Greylist: delayed 320 seconds by postgrey-1.27 at theia; Fri, 03 May 2013 13:42:34 CEST X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from mail.nanl.de (mail.nanl.de [217.115.11.12]) by theia.denx.de (Postfix) with ESMTPS id 708F94A310 for ; Fri, 3 May 2013 13:42:34 +0200 (CEST) Received: from ixxyvirt.lan (dslb-088-073-012-093.pools.arcor-ip.net [88.73.12.93]) by mail.nanl.de (Postfix) with ESMTPSA id 87E6945F80 for ; Fri, 3 May 2013 11:37:00 +0000 (UTC) From: Jonas Gorski To: u-boot@lists.denx.de Date: Fri, 3 May 2013 13:37:05 +0200 Message-Id: <1367581025-26740-1-git-send-email-jogo@openwrt.org> X-Mailer: git-send-email 1.7.10.4 X-Mailman-Approved-At: Fri, 03 May 2013 14:39:50 +0200 Subject: [U-Boot] [PATCH] tools: default image: use ih_size for checking data size X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.11 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: u-boot-bounces@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de Common image usage is uImage + appended rootfs, so the the uImage data is only part of the total image. So read out and use the header's ih_size field instead of the total file size. To prevent reading over the end of the buffer, check that the image file is big enough to contain the data before calculating its checksum. Before: ~# mkimage -l dir665_fw_100NA.bin mkimage: ERROR: "dir665_fw_100NA/dir665_fw_100NA.bin" has corrupted data! After: ~# mkimage -l dir665_fw_100NA.bin Image Name: Linux Kernel Image Created: Fri Feb 12 03:38:36 2010 Image Type: ARM Linux Kernel Image (lzma compressed) Data Size: 1107781 Bytes = 1081.82 kB = 1.06 MB Load Address: 00008000 Entry Point: 00008000 Signed-off-by: Jonas Gorski --- tools/default_image.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/default_image.c b/tools/default_image.c index e9d0729..db20e53 100644 --- a/tools/default_image.c +++ b/tools/default_image.c @@ -86,10 +86,11 @@ static int image_verify_header(unsigned char *ptr, int image_size, } data = (const unsigned char *)ptr + sizeof(image_header_t); - len = image_size - sizeof(image_header_t) ; + len = be32_to_cpu(hdr->ih_size); checksum = be32_to_cpu(hdr->ih_dcrc); - if (crc32(0, data, len) != checksum) { + if ((image_size - sizeof(image_header_t)) < len || + crc32(0, data, len) != checksum) { fprintf(stderr, "%s: ERROR: \"%s\" has corrupted data!\n", params->cmdname, params->imagefile);