summaryrefslogtreecommitdiff
path: root/fdtoverlay.c
diff options
context:
space:
mode:
author David Gibson <david@gibson.dropbear.id.au> 2019-06-30 14:58:31 +1000
committer David Gibson <david@gibson.dropbear.id.au> 2019-06-30 15:47:50 +1000
commit297f5abb362e4844ee313fdcd342fa4912e9894d (patch)
tree5f4007052af5609b5dfd4c4d5bfc3a456ca5305d /fdtoverlay.c
parent702c1b6c0e73d2bcf24f0b8398aca6a940863e48 (diff)
fdtoverlay: Check for truncated overlay blobs
The fdtoverlay helper program checks if it has read a base blob which is incomplete: that is, where the amount of data read in is less that the declared size of the blob. This applies the same check for safety to each overlay blob as well. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'fdtoverlay.c')
-rw-r--r--fdtoverlay.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/fdtoverlay.c b/fdtoverlay.c
index af909de..b2ac2e7 100644
--- a/fdtoverlay.c
+++ b/fdtoverlay.c
@@ -46,7 +46,7 @@ static int do_fdtoverlay(const char *input_filename,
{
char *blob = NULL;
char **ovblob = NULL;
- size_t blob_len, ov_len, total_len;
+ size_t blob_len, total_len;
int i, ret = -1;
blob = utilfdt_read(input_filename, &blob_len);
@@ -70,12 +70,20 @@ static int do_fdtoverlay(const char *input_filename,
/* read and keep track of the overlay blobs */
total_len = 0;
for (i = 0; i < argc; i++) {
+ size_t ov_len;
ovblob[i] = utilfdt_read(argv[i], &ov_len);
if (!ovblob[i]) {
fprintf(stderr, "\nFailed to read overlay %s\n",
argv[i]);
goto out_err;
}
+ if (fdt_totalsize(ovblob[i]) > ov_len) {
+ fprintf(stderr,
+"\nOverlay '%s' is incomplete (%lu / %" PRIu32 " bytes read)\n",
+ argv[i], (unsigned long)ov_len,
+ fdt_totalsize(ovblob[i]));
+ goto out_err;
+ }
total_len += ov_len;
}