From 67fafb1230763433cb2ee5cb75e03dc6d75f0641 Mon Sep 17 00:00:00 2001 From: Uwe Kleine-König Date: Sat, 11 Feb 2017 20:57:51 +0100 Subject: scripts: kwboot: fix image check for padded images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When there is some padding between header and payload the claim header_size + image_size == file_size fails. Relax the check accordingly to: header_size <= image_offset && image_offset + image_size == file_size Signed-off-by: Uwe Kleine-König Signed-off-by: Sascha Hauer --- scripts/kwboot.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'scripts/kwboot.c') diff --git a/scripts/kwboot.c b/scripts/kwboot.c index 9e4181e539..3ab26cd936 100644 --- a/scripts/kwboot.c +++ b/scripts/kwboot.c @@ -603,7 +603,7 @@ static int kwboot_check_image(unsigned char *img, size_t size) { size_t i; - size_t header_size, image_size; + size_t header_size, image_size, image_offset; unsigned char csum = 0; if (size < 0x20) { @@ -640,12 +640,20 @@ kwboot_check_image(unsigned char *img, size_t size) image_size = img[0x4] | (img[0x5] << 8) | (img[0x6] << 16) | (img[0x7] << 24); + image_offset = img[0xc] | (img[0xd] << 8) | + (img[0xe] << 16) | (img[0xf] << 24); header_size = (img[0x9] << 16) | img[0xa] | (img[0xb] << 8); - if (header_size + image_size != size) { - fprintf(stderr, "Size mismatch (%zu + %zu != %zu)\n", - header_size, image_size, size); + if (header_size > image_offset) { + fprintf(stderr, "Header (%zu) expands over image start (%zu)\n", + header_size, image_offset); + return 1; + } + + if (image_offset + image_size != size) { + fprintf(stderr, "Image doesn't end at file end (%zu + %zu != %zu)\n", + image_offset, image_size, size); return 1; } -- cgit v1.2.3
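Review bot: The new end check in the second hunk, `image_offset + image_size != size`, adds two `size_t` values read from the file header, and that sum can wrap, so a header whose offset lies past the end of the file can still pass. The added `(img[0xf] << 24)` makes this easier to hit: `img` is `unsigned char *`, the byte is promoted to `int`, and a value of 0x80 or more overflows the shift and typically sign-extends into a huge `size_t` on 64-bit hosts (the existing `image_size` line has the same pattern). I would widen before shifting, `((size_t)img[0xf] << 24)`, and compare without an addition: `if (image_offset > size || image_size != size - image_offset) {`. The body of kwboot_check_image continues outside the hunk, so how the offset is used afterwards is not visible here.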