Virtualization
/
dtc
mirror of https://gitlab.com/qemu-project/dtc.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fdtoverlay: Check for truncated overlay blobs 

The fdtoverlay helper program checks if it has read a base blob which is
incomplete: that is, where the amount of data read in is less that the
declared size of the blob.

This applies the same check for safety to each overlay blob as well.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
David Gibson 2019-06-30 14:58:31 +10:00
parent 702c1b6c0e
commit 297f5abb36
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fdtoverlay.c
View File

@ -46,7 +46,7 @@ static int do_fdtoverlay(const char *input_filename,
{
char *blob = NULL;
char **ovblob = NULL;
size_t blob_len, ov_len, total_len;
size_t blob_len, total_len;
int i, ret = -1;
blob = utilfdt_read(input_filename, &blob_len);
@ -70,12 +70,20 @@ static int do_fdtoverlay(const char *input_filename,
/* read and keep track of the overlay blobs */
total_len = 0;
for (i = 0; i < argc; i++) {
size_t ov_len;
ovblob[i] = utilfdt_read(argv[i], &ov_len);
if (!ovblob[i]) {
fprintf(stderr, "\nFailed to read overlay %s\n",
argv[i]);
goto out_err;
}
if (fdt_totalsize(ovblob[i]) > ov_len) {
fprintf(stderr,
"\nOverlay '%s' is incomplete (%lu / %" PRIu32 " bytes read)\n",
argv[i], (unsigned long)ov_len,
fdt_totalsize(ovblob[i]));
goto out_err;
}
total_len += ov_len;
}