You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by ma...@apache.org on 2016/06/06 22:48:54 UTC

incubator-mynewt-core git commit: imgmgr; reject image upload if image would not fit.

Repository: incubator-mynewt-core
Updated Branches:
  refs/heads/develop d42eddc47 -> 7bd06f431


imgmgr; reject image upload if image would not fit.


Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/7bd06f43
Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/7bd06f43
Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/7bd06f43

Branch: refs/heads/develop
Commit: 7bd06f43193a22773819156db96e2baa59125fb2
Parents: d42eddc
Author: Marko Kiiskila <ma...@runtime.io>
Authored: Mon Jun 6 15:48:21 2016 -0700
Committer: Marko Kiiskila <ma...@runtime.io>
Committed: Mon Jun 6 15:49:19 2016 -0700

----------------------------------------------------------------------
 libs/bootutil/include/bootutil/image.h | 3 +++
 libs/imgmgr/src/imgmgr.c               | 8 ++++++++
 2 files changed, 11 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/7bd06f43/libs/bootutil/include/bootutil/image.h
----------------------------------------------------------------------
diff --git a/libs/bootutil/include/bootutil/image.h b/libs/bootutil/include/bootutil/image.h
index cf5ae34..9b9f869 100644
--- a/libs/bootutil/include/bootutil/image.h
+++ b/libs/bootutil/include/bootutil/image.h
@@ -49,6 +49,9 @@ struct image_version {
     uint32_t iv_build_num;
 };
 
+#define IMAGE_SIZE(hdr)                                                 \
+    ((hdr)->ih_tlv_size + (hdr)->ih_hdr_size + (hdr)->ih_img_size)
+
 /** Image header.  All fields are in little endian byte order. */
 struct image_header {
     uint32_t ih_magic;

http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/7bd06f43/libs/imgmgr/src/imgmgr.c
----------------------------------------------------------------------
diff --git a/libs/imgmgr/src/imgmgr.c b/libs/imgmgr/src/imgmgr.c
index b7a31da..5e8539a 100644
--- a/libs/imgmgr/src/imgmgr.c
+++ b/libs/imgmgr/src/imgmgr.c
@@ -141,6 +141,10 @@ imgr_read_info(int area_id, struct image_version *ver, uint8_t *hash)
     data_off = hdr->ih_hdr_size + hdr->ih_img_size;
     data_end = data_off + hdr->ih_tlv_size;
 
+    if (data_end > fa->fa_size) {
+        rc = 1;
+        goto end;
+    }
     tlv = (struct image_tlv *)data;
     while (data_off + sizeof(*tlv) <= data_end) {
         rc2 = flash_area_read(fa, data_off, tlv, sizeof(*tlv));
@@ -419,6 +423,10 @@ imgr_upload(struct nmgr_jbuf *njb)
                 rc = NMGR_ERR_EINVAL;
                 goto err;
             }
+	    if (IMAGE_SIZE(hdr) > imgr_state.upload.fa->fa_size) {
+                rc = NMGR_ERR_EINVAL;
+                goto err;
+            }
             /*
              * XXXX only erase if needed.
              */