diff options
author | Aaro Koskinen <aaro.koskinen@iki.fi> | 2013-12-23 21:43:28 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-01-28 23:56:50 -0800 |
commit | 9f151df0eecfa9626169fbdbfb83101b3c9ba9da (patch) | |
tree | 44e2256731d2c50dd8395b7c12524d34f800a46b | |
parent | 959bd3d8dfeec81f56d950a842da0dcb80327975 (diff) | |
download | silo-9f151df0eecfa9626169fbdbfb83101b3c9ba9da.tar.gz |
tilo: sanity check image sizes
Sanity check image sizes to prevent buffer overflow.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | tilo/maketilo.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/tilo/maketilo.c b/tilo/maketilo.c index 30eaef4..6bc2f76 100644 --- a/tilo/maketilo.c +++ b/tilo/maketilo.c @@ -53,6 +53,14 @@ int root_tweak (char *s) return p ? (p + 32 + 0x1fff) & ~0x1fff : 0; /* add 32 bytes and round to 8 KB */ } +static void check_size (char const *name, int len, int pos, int max) +{ + if (max - pos < len) { + fprintf (stderr, "%s will not fit into the image.\n", name); + exit (EXIT_FAILURE); + } +} + int main (int argc, char **argv) { int i,len,rootlen; @@ -177,6 +185,8 @@ int main (int argc, char **argv) fseek (f, 0, SEEK_END); len = ftell (f); fseek (f, 0, SEEK_SET); + check_size (sun4_kernel, sun4_kernel_start - output_buffer, len, + MAX_BOOT_LEN); fread (sun4_kernel_start, 1, len, f); fclose (f); } else @@ -194,6 +204,8 @@ int main (int argc, char **argv) fseek (f, 0, SEEK_END); len = ftell (f); fseek (f, 0, SEEK_SET); + check_size (sun4c_kernel, sun4c_kernel_start - output_buffer, + len, MAX_BOOT_LEN); fread (sun4c_kernel_start, 1, len, f); fclose (f); } else @@ -211,6 +223,8 @@ int main (int argc, char **argv) fseek (f, 0, SEEK_END); len = ftell (f); fseek (f, 0, SEEK_SET); + check_size (sun4u_kernel, sun4u_kernel_start - output_buffer, + len, MAX_BOOT_LEN); fread (sun4u_kernel_start, 1, len, f); fclose (f); } else @@ -219,6 +233,8 @@ int main (int argc, char **argv) root_image_start = sun4u_kernel_start + len; if (root_image) { + check_size (root_image, root_image_start - output_buffer, len, + MAX_BOOT_LEN); fread (root_image_start, 1, rootlen, g); fclose (g); } |