env: Crash in 'env import' when using checksum and a specific size

This patch adds a sanity check that avoids 'size' to overflow and crash when importing an environment that contains a checksum. Example with the wrong size that causes the crash: => env import -c 0x4100000 3 v1 This assumes that v1 has already been successfully exported with 'env export -c -s 0x100 0x4100000 v1' Signed-off-by: Pedro Aguilar <pedro.aguilar@vimar.com>
author: Pedro Aguilar <pedro.aguilar@vimar.com> 2020-08-31 11:01:41 +0200
committer: Tom Rini <trini@konsulko.com> 2020-09-11 17:13:56 -0400
commit: 142775a52bc97d5273922970b8a9cc9f95091359 (patch)
tree: a8812bfe240568d9831a077d99d345f43d294d4c /cmd
parent: 21d3946840fd62dc09e93986743915bcbac100b7 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/cmd/nvedit.c b/cmd/nvedit.c
index d188c6aa6b..9f145dd284 100644
--- a/cmd/nvedit.c
+++ b/cmd/nvedit.c
@@ -1171,6 +1171,11 @@ static int do_env_import(struct cmd_tbl *cmdtp, int flag,
 		uint32_t crc;
 		env_t *ep = (env_t *)ptr;
 
+		if (size <= offsetof(env_t, data)) {
+			printf("## Error: Invalid size 0x%zX\n", size);
+			return 1;
+		}
+
 		size -= offsetof(env_t, data);
 		memcpy(&crc, &ep->crc, sizeof(crc));
author	Pedro Aguilar <pedro.aguilar@vimar.com>	2020-08-31 11:01:41 +0200
committer	Tom Rini <trini@konsulko.com>	2020-09-11 17:13:56 -0400
commit	142775a52bc97d5273922970b8a9cc9f95091359 (patch)
tree	a8812bfe240568d9831a077d99d345f43d294d4c /cmd
parent	21d3946840fd62dc09e93986743915bcbac100b7 (diff)