util/ifittool: Fix buffer overflow with padded microcode patches
Some microcode patches are padded with zeros, which make parse_microcode_blob() read beyond the end of the buffer. BRANCH=firmware-brya-14505.B BUG=b:245380705 TEST=No segmentation fault with a padded microcode patch Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com> Change-Id: Id9c5fb6c1e264f3f5137d29201b9021c72d78fdd Reviewed-on: https://review.coreboot.org/c/coreboot/+/67460 Reviewed-by: Tim Wawrzynczak <twawrzynczak@chromium.org> Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Cliff Huang <cliff.huang@intel.com> Reviewed-by: Nick Vaccaro <nvaccaro@google.com> Reviewed-by: Angel Pons <th3fanbus@gmail.com>
This commit is contained in:
parent
f4a8a92cc2
commit
46ffccd753
|
@ -297,7 +297,8 @@ parse_microcode_blob(struct cbfs_image *image,
|
||||||
uint32_t total_size = mcu_header->total_size ?: 2048;
|
uint32_t total_size = mcu_header->total_size ?: 2048;
|
||||||
|
|
||||||
/* Quickly sanity check a prospective microcode update. */
|
/* Quickly sanity check a prospective microcode update. */
|
||||||
if (total_size < sizeof(*mcu_header))
|
if (total_size < sizeof(*mcu_header) ||
|
||||||
|
total_size > file_length)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/* FIXME: Should the checksum be validated? */
|
/* FIXME: Should the checksum be validated? */
|
||||||
|
|
Loading…
Reference in New Issue