From 33a0af2d8041b027cfbf6ab23c93026339aff142 Mon Sep 17 00:00:00 2001
From: Pali Rohár <pali@kernel.org>
Date: Wed, 11 Aug 2021 10:14:15 +0200
Subject: tools: kwbimage: Verify size of v0 image header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Check that extended image header size is not larger than file size.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---
 tools/kwbimage.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'tools')

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 542779ed48..4709c6d544 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -1670,6 +1670,9 @@ static int kwbimage_verify_header(unsigned char *ptr, int image_size,
 		if (mhdr->ext & 0x1) {
 			struct ext_hdr_v0 *ext_hdr;
 
+			if (header_size + sizeof(*ext_hdr) > image_size)
+				return -FDT_ERR_BADSTRUCTURE;
+
 			ext_hdr = (struct ext_hdr_v0 *)
 				(ptr + sizeof(struct main_hdr_v0));
 			checksum = image_checksum8(ext_hdr,
-- 
cgit v1.2.3