From: Stephen Warren <swarren@xxxxxxxxxx> cbootimage doesn't have extensive error-checking of the input files. Thus it's easy to trigger aborts (which in turn segfault to exit the app) and bad memory accesses by providing under-sized binary input files or configuration files with missing required statements. Add a bit more error-checking to clean up some of these cases. No doubt there are more, but this change only fixes those that have been reported. Signed-off-by: Stephen Warren <swarren@xxxxxxxxxx> --- src/cbootimage.c | 15 ++++++++++++++- src/data_layout.c | 11 +++++++++-- src/parse.c | 2 +- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/cbootimage.c b/src/cbootimage.c index ca781fa6dab1..e728c8b06801 100644 --- a/src/cbootimage.c +++ b/src/cbootimage.c @@ -239,7 +239,7 @@ main(int argc, char *argv[]) /* Get BCT_SIZE from input image file */ bct_size = get_bct_size_from_image(&context); - if (bct_size < 0) { + if (bct_size <= 0) { printf("Error: Invalid input image file %s\n", context.input_image_filename); goto fail; @@ -301,6 +301,19 @@ main(int argc, char *argv[]) goto fail; } + if (!context.bct_init) { + e = 1; + printf("No BCT file has been read or generated.\n"); + printf("This is likely due to an incomplete config file.\n"); + goto fail; + } + if (!context.memory) { + e = 1; + printf("No output data generated.\n"); + printf("This is likely due to an incomplete config file.\n"); + goto fail; + } + /* Peform final signing & encryption of bct. */ e = sign_bct(&context, context.bct); if (e != 0) { diff --git a/src/data_layout.c b/src/data_layout.c index 2ed486bf12b5..8301aec59b03 100644 --- a/src/data_layout.c +++ b/src/data_layout.c @@ -218,8 +218,10 @@ write_page(build_image_context *context, return -ENOMEM; if (block->data == NULL) return -ENOMEM; - assert(((page_number + 1) * context->page_size) - <= context->block_size); + if (((page_number + 1) * context->page_size) > context->block_size) { + printf("Page number outside block; likely config file error.\n"); + return -ENOMEM; + } if (block->pages_used != page_number) { printf("Warning: Writing page in block out of order.\n"); @@ -838,6 +840,11 @@ begin_update(build_image_context *context) assert(context); + if (context->page_size_log2 < NVBOOT_AES_BLOCK_SIZE_LOG2) { + printf("Page size is too small; likely config file error\n"); + return 1; + } + /* Ensure that the BCT block & page data is current. */ if (enable_debug) { uint32_t block_size_log2; diff --git a/src/parse.c b/src/parse.c index 99cb428b26fd..10060936c529 100644 --- a/src/parse.c +++ b/src/parse.c @@ -249,7 +249,7 @@ parse_filename(char *str, char *name, int chars_remaining) * Check if the filename buffer is out of space, preserving one * character to null terminate the string. */ - while (isalnum(*str) || strchr("\\/~_-+:.@", *str)) { + while (*str && (isalnum(*str) || strchr("\\/~_-+:.@", *str))) { chars_remaining--; -- 2.18.0