From: Pali Rohár <pali@kernel.org>
Date: Thu, 23 Mar 2023 19:57:54 +0000 (+0100)
Subject: tools: kwboot: Fix sending very small images
X-Git-Tag: baikal/mips/sdk6.2~4^2~3^2~175^2~24^2~2
X-Git-Url: https://git.baikalelectronics.ru/sdk/?a=commitdiff_plain;h=201a098bb458302dc797512bd558bb47697df41d;p=uboot.git

tools: kwboot: Fix sending very small images

Sending of very small images (smaller than 128 bytes = xmodem block size)
cause out-of-bound memory read access. Fix this issue by ensuring that
hdrsz when sending image is not larger than total size of the image.
Issue was introduced in commit 20a6585838ca ("tools: kwboot: Fix sending
Kirkwood v0 images"). Special case when total image is smaller than header
size aligned to multiply of xmodem size is already handled since that
commit.

Fixes: 20a6585838ca ("tools: kwboot: Fix sending Kirkwood v0 images")
Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Stefan Roese <sr@denx.de>
---

diff --git a/tools/kwboot.c b/tools/kwboot.c
index 61a9c3065a..dc69063600 100644
--- a/tools/kwboot.c
+++ b/tools/kwboot.c
@@ -1455,6 +1455,8 @@ kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
 	 * followed by the header. So align header size to xmodem block size.
 	 */
 	hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
+	if (hdrsz > size)
+		hdrsz = size;
 
 	pnum = 1;