diff options
author | David Gibson <david@gibson.dropbear.id.au> | 2017-09-27 19:44:50 +1000 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2017-09-27 20:00:10 +1000 |
commit | b6a6f9490d19317200f2b23a5934ed32797734b8 (patch) | |
tree | 98df3bb09b8cc0a22a7584fa31a83ab7a04c5501 /fdtoverlay.c | |
parent | 8c1eb1526d2d02f34bfe6f94dacba60834ae9f79 (diff) | |
download | device-tree-compiler-b6a6f9490d19317200f2b23a5934ed32797734b8.tar.gz |
fdtoverlay: Sanity check blob size
The fdtoverlay utility reads in the base fdt blob, then expands it to make
room for all the overlays requested. However, it uses the totalsize field
of the base blob without verifying that it actually read all of it in (it's
possible the blob file could have been truncated).
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'fdtoverlay.c')
-rw-r--r-- | fdtoverlay.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/fdtoverlay.c b/fdtoverlay.c index 9c5618c..7f124fc 100644 --- a/fdtoverlay.c +++ b/fdtoverlay.c @@ -27,6 +27,7 @@ #include <stdlib.h> #include <string.h> #include <alloca.h> +#include <inttypes.h> #include <libfdt.h> @@ -69,6 +70,12 @@ static int do_fdtoverlay(const char *input_filename, input_filename); goto out_err; } + if (fdt_totalsize(blob) > blob_len) { + fprintf(stderr, + "\nBase blob is incomplete (%lu / %" PRIu32 " bytes read)\n", + (unsigned long)blob_len, fdt_totalsize(blob)); + goto out_err; + } ret = 0; /* allocate blob pointer array */ |