author | Furquan Shaikh <furquan@google.com> | 2018-09-07 00:00:10 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-09-07 14:29:04 -0700 |
commit | 5ed334d26cba9be660ad46c186e46e830993aa98 (patch) | |
tree | 87ee9be40532438c3bf34a735f1e58b637eaa997 | |
parent | 9fa18683c9b55d47d0ef530b5bd5a057d04b782a (diff) | |
download | vboot-5ed334d26cba9be660ad46c186e46e830993aa98.tar.gz |
validate_rec_mrc: Check size before reading metadata
This change ensures that the slot_len is enough to hold the metadata
before attempting to actually read it.
BUG=None
BRANCH=None
TEST=None
Change-Id: Ief50edccc7a73c2c3002f772c616e4ed5557ecbd
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1212528
Commit-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Hung-Te Lin <hungte@chromium.org>
-rw-r--r-- | futility/cmd_validate_rec_mrc.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/futility/cmd_validate_rec_mrc.c b/futility/cmd_validate_rec_mrc.c index 6c068069..e4b57d89 100644 --- a/futility/cmd_validate_rec_mrc.c +++ b/futility/cmd_validate_rec_mrc.c @@ -84,6 +84,12 @@ unsigned long compute_ip_checksum(const void *addr, unsigned long length) static int verify_mrc_slot(struct mrc_metadata *md, unsigned long slot_len) { uint32_t header_checksum; + + if (slot_len < sizeof(*md)) { + fprintf(stderr, "Slot too small!\n"); + return 1; + } + if (md->signature != MRC_DATA_SIGNATURE) { fprintf(stderr, "MRC signature mismatch\n"); return 1; |
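Review bot: The "Slot too small!" message in the new `slot_len < sizeof(*md)` check at the top of verify_mrc_slot() reports neither the actual nor the required size. Printing both (for example "Slot too small: %lu < %zu" with slot_len and sizeof(*md)) would let a truncated region be diagnosed from the output alone, and dropping the exclamation mark would match the style of "MRC signature mismatch" just below. The placement before the first `md->signature` read is right, but the guard only covers the fixed-size metadata header. The rest of the function is not visible in this hunk, so it is worth confirming that any later read or checksum whose length comes from fields in md is also bounded by slot_len. Since the commit message lists TEST=None, a run against an input whose slot is shorter than the metadata would be worth recording.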