fdtoverlay: Check for truncated overlay blobs

The fdtoverlay helper program checks if it has read a base blob which is
incomplete: that is, where the amount of data read in is less that the
declared size of the blob.

This applies the same check for safety to each overlay blob as well.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

1 files changed, 9 insertions, 1 deletions

diff --git a/fdtoverlay.c b/fdtoverlay.c
index af909de..b2ac2e7 100644
--- a/fdtoverlay.c
+++ b/fdtoverlay.c
@@ -46,7 +46,7 @@ static int do_fdtoverlay(const char *input_filename,
 {
 	char *blob = NULL;
 	char **ovblob = NULL;
-	size_t blob_len, ov_len, total_len;
+	size_t blob_len, total_len;
 	int i, ret = -1;
 
 	blob = utilfdt_read(input_filename, &blob_len);
@@ -70,12 +70,20 @@ static int do_fdtoverlay(const char *input_filename,
 	/* read and keep track of the overlay blobs */
 	total_len = 0;
 	for (i = 0; i < argc; i++) {
+		size_t ov_len;
 		ovblob[i] = utilfdt_read(argv[i], &ov_len);
 		if (!ovblob[i]) {
 			fprintf(stderr, "\nFailed to read overlay %s\n",
 					argv[i]);
 			goto out_err;
 		}
+		if (fdt_totalsize(ovblob[i]) > ov_len) {
+			fprintf(stderr,
+"\nOverlay '%s' is incomplete (%lu / %" PRIu32 " bytes read)\n",
+				argv[i], (unsigned long)ov_len,
+				fdt_totalsize(ovblob[i]));
+			goto out_err;
+		}
 		total_len += ov_len;
 	}