tools: kwboot: Fix sending very small images

Sending of very small images (smaller than 128 bytes = xmodem block size) cause out-of-bound memory read access. Fix this issue by ensuring that hdrsz when sending image is not larger than total size of the image. Issue was introduced in commit f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images"). Special case when total image is smaller than header size aligned to multiply of xmodem size is already handled since that commit. Fixes: f8017c37799c ("tools: kwboot: Fix sending Kirkwood v0 images") Signed-off-by: Pali Rohár <[email protected]> Reviewed-by: Stefan Roese <[email protected]>
author: Pali Rohár <[email protected]> 2023-03-23 20:57:54 +0100
committer: Stefan Roese <[email protected]> 2023-03-24 13:13:47 +0100
commit: bb949e1da02b1744645e0c3a46fe9c2a67197fe8 (patch)
tree: 7864913f1f3963292b3d8a0cdc02d0632c4c0db4 /tools/kwboot.c
parent: 2b7852c2aadf946405e933ee067c4c36f15393d1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tools/kwboot.c b/tools/kwboot.c
index 61a9c3065aa..dc690636007 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -1455,6 +1455,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
 	 * followed by the header. So align header size to xmodem block size.
 	 */
 	hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
+	if (hdrsz > size)
+		hdrsz = size;
 
 	pnum = 1;
author	Pali Rohár <[email protected]>	2023-03-23 20:57:54 +0100
committer	Stefan Roese <[email protected]>	2023-03-24 13:13:47 +0100
commit	bb949e1da02b1744645e0c3a46fe9c2a67197fe8 (patch)
tree	7864913f1f3963292b3d8a0cdc02d0632c4c0db4 /tools/kwboot.c
parent	2b7852c2aadf946405e933ee067c4c36f15393d1 (diff)