Fix various abort(), crashes, and memory errors
cbootimage doesn't have extensive error-checking of the input files. Thus it's easy to trigger aborts (which in turn segfault to exit the app) and bad memory accesses by providing under-sized binary input files or configuration files with missing required statements. Add a bit more error-checking to clean up some of these cases. No doubt there are more, but this change only fixes those that have been reported. Signed-off-by: Stephen Warren <swarren@nvidia.com> Reviewed-by: Thierry Reding <treding@nvidia.com>
parent
7c9db585d0
commit
9de64c77f0
|
@ -239,7 +239,7 @@ main(int argc, char *argv[])
|
|||
|
||||
/* Get BCT_SIZE from input image file */
|
||||
bct_size = get_bct_size_from_image(&context);
|
||||
if (bct_size < 0) {
|
||||
if (bct_size <= 0) {
|
||||
printf("Error: Invalid input image file %s\n",
|
||||
context.input_image_filename);
|
||||
goto fail;
|
||||
|
@ -301,6 +301,19 @@ main(int argc, char *argv[])
|
|||
goto fail;
|
||||
}
|
||||
|
||||
if (!context.bct_init) {
|
||||
e = 1;
|
||||
printf("No BCT file has been read or generated.\n");
|
||||
printf("This is likely due to an incomplete config file.\n");
|
||||
goto fail;
|
||||
}
|
||||
if (!context.memory) {
|
||||
e = 1;
|
||||
printf("No output data generated.\n");
|
||||
printf("This is likely due to an incomplete config file.\n");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/* Peform final signing & encryption of bct. */
|
||||
e = sign_bct(&context, context.bct);
|
||||
if (e != 0) {
|
||||
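Review bot: In the first hunk the `bct_size <= 0` branch reaches `goto fail;` without assigning `e` in the visible lines, whereas both checks added in the second hunk set `e = 1;` first. If `e` is still 0 at that point (its earlier assignments are outside the hunk), cbootimage would exit with success on an invalid input image, and a build or signing script that trusts the exit status would carry on with a bad artifact. I would add `e = 1;` before that `goto fail;` so the failure paths agree. `main` starts and ends outside both hunks.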
|
|
|
@ -218,8 +218,10 @@ write_page(build_image_context *context,
|
|||
return -ENOMEM;
|
||||
if (block->data == NULL)
|
||||
return -ENOMEM;
|
||||
assert(((page_number + 1) * context->page_size)
|
||||
<= context->block_size);
|
||||
if (((page_number + 1) * context->page_size) > context->block_size) {
|
||||
printf("Page number outside block; likely config file error.\n");
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
if (block->pages_used != page_number) {
|
||||
printf("Warning: Writing page in block out of order.\n");
|
||||
|
@ -838,6 +840,11 @@ begin_update(build_image_context *context)
|
|||
|
||||
assert(context);
|
||||
|
||||
if (context->page_size_log2 < NVBOOT_AES_BLOCK_SIZE_LOG2) {
|
||||
printf("Page size is too small; likely config file error\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Ensure that the BCT block & page data is current. */
|
||||
if (enable_debug) {
|
||||
uint32_t block_size_log2;
|
||||
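Review bot: The new bounds check in `write_page` multiplies `(page_number + 1) * context->page_size` before comparing, so if these are 32-bit values derived from the config file (their declarations are outside the hunk) the product can wrap and a page past the end of the block would still pass. Doing the comparison in a wider type avoids that, e.g. `if (((uint64_t)page_number + 1) * context->page_size > context->block_size) {`. The branch also returns `-ENOMEM` for what is a range error; `-EINVAL` would describe it better, provided no caller depends on the specific value. `write_page` and `begin_update` both continue outside their hunks.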
|
|
|
@ -249,7 +249,7 @@ parse_filename(char *str, char *name, int chars_remaining)
|
|||
* Check if the filename buffer is out of space, preserving one
|
||||
* character to null terminate the string.
|
||||
*/
|
||||
while (isalnum(*str) || strchr("\\/~_-+:.@", *str)) {
|
||||
while (*str && (isalnum(*str) || strchr("\\/~_-+:.@", *str))) {
|
||||
|
||||
chars_remaining--;
|
||||
|
||||
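Review bot: The rewritten loop condition in `parse_filename` still passes a plain `char` to `isalnum()`, which is undefined for negative values, so a config-file byte above 0x7f can misbehave where `char` is signed. Casting at the call fixes it: `while (*str && (isalnum((unsigned char)*str) || strchr("\\/~_-+:.@", *str))) {`. The loop body and the rest of the function are outside the hunk.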
|
|