env: Crash in 'env import' when using checksum and a specific size
This patch adds a sanity check that avoids 'size' to overflow and crash when importing an environment that contains a checksum. Example with the wrong size that causes the crash: => env import -c 0x4100000 3 v1 This assumes that v1 has already been successfully exported with 'env export -c -s 0x100 0x4100000 v1' Signed-off-by: Pedro Aguilar <pedro.aguilar@vimar.com>
This commit is contained in:
Pedro Aguilar
Tom Rini
parent
21d3946840
commit
142775a52b
1 changed files with 5 additions and 0 deletions
|
|
@ -1171,6 +1171,11 @@ static int do_env_import(struct cmd_tbl *cmdtp, int flag,
|
|||
uint32_t crc;
|
||||
env_t *ep = (env_t *)ptr;
|
||||
|
||||
if (size <= offsetof(env_t, data)) {
|
||||
printf("## Error: Invalid size 0x%zX\n", size);
|
||||
return 1;
|
||||
}
|
||||
|
||||
size -= offsetof(env_t, data);
|
||||
memcpy(&crc, &ep->crc, sizeof(crc));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue