kernel
/
dtc
mirror of https://git.kernel.org/pub/scm/utils/dtc/dtc.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fdtoverlay: Sanity check blob size 

The fdtoverlay utility reads in the base fdt blob, then expands it to make
room for all the overlays requested.  However, it uses the totalsize field
of the base blob without verifying that it actually read all of it in (it's
possible the blob file could have been truncated).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
main
David Gibson 2017-09-27 19:44:50 +10:00
parent 8c1eb1526d
commit b6a6f9490d
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
fdtoverlay.c
View File

@ -27,6 +27,7 @@
#include <stdlib.h>
#include <string.h>
#include <alloca.h>
#include <inttypes.h>

#include <libfdt.h>

@ -69,6 +70,12 @@ static int do_fdtoverlay(const char *input_filename,
input_filename);
goto out_err;
}
if (fdt_totalsize(blob) > blob_len) {
fprintf(stderr,
"\nBase blob is incomplete (%lu / %" PRIu32 " bytes read)\n",
(unsigned long)blob_len, fdt_totalsize(blob));
goto out_err;
}
ret = 0;

/* allocate blob pointer array */