
Commit 73f03f2

committed
Self update: check size
Add a maximum size check for fw_size against the expected bootloader partition size F/230
1 parent 8a73b54 commit 73f03f2

2 files changed

Lines changed: 29 additions & 0 deletions


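--- a/src/image.c
+++ b/src/image.c
@@ -1492,6 +1492,12 @@ int wolfBoot_open_self_address(struct wolfBoot_image* img, uint8_t* hdr,
 
 img->hdr = hdr;
 img->fw_size = wolfBoot_image_size(hdr);
+#ifdef WOLFBOOT_FIXED_PARTITIONS
+if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) {
+img->fw_size = WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE;
+return -1;
+}
+#endif
 img->fw_base = image;
 img->part = PART_SELF;
 img->hdr_ok = 1;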
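Review bot: The new bound in `wolfBoot_open_self_address` compares `img->fw_size` with `WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE`, while the commit description speaks of the bootloader partition size. If the flash region that holds the bootloader is smaller than `WOLFBOOT_PARTITION_SIZE` (its size is not visible here), a self header could still declare a size that extends past the bootloader and be accepted. Either bound against the bootloader region's own size, or state the intent with a comment such as `/* self image is limited to the application partition payload size; the bootloader region may be smaller */`. The check is compiled only under `WOLFBOOT_FIXED_PARTITIONS`, so other builds keep an unchecked `fw_size`, and the clamped `img->fw_size` written just before `return -1;` deserves a one-line comment saying which caller relies on it. The function begins and ends outside the hunk.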

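--- a/tools/unit-tests/unit-image.c
+++ b/tools/unit-tests/unit-image.c
@@ -28,6 +28,7 @@
 #define EXT_FLASH
 #define PART_UPDATE_EXT
 #define NVM_FLASH_WRITEONCE
+#define WOLFBOOT_SELF_HEADER
 
 #if defined(ENCRYPT_WITH_AES256) || defined(ENCRYPT_WITH_AES128)
 #define WOLFSSL_AES_COUNTER
@@ -61,6 +62,10 @@
 #include "wolfssl/wolfcrypt/sha.h"
 #include "wolfboot/wolfboot.h"
 
+#ifndef ARCH_FLASH_OFFSET
+#define ARCH_FLASH_OFFSET WOLFBOOT_PARTITION_BOOT_ADDRESS
+#endif
+
 #include "unit-keystore.c"
 
 #include "image.c"
@@ -76,6 +81,11 @@ static int find_header_fail = 0;
 static int find_header_called = 0;
 static int find_header_mocked = 1;
 
+uint8_t *wolfBoot_get_self_header(void)
+{
+return NULL;
+}
+
 #if defined(WOLFBOOT_SIGN_ECC256)
 static const unsigned char pubkey_digest[SHA256_DIGEST_SIZE] = {
 0x17, 0x20, 0xa5, 0x9b, 0xe0, 0x9b, 0x80, 0x0c, 0xaa, 0xc4, 0xf5, 0x3f,
@@ -606,6 +616,8 @@ START_TEST(test_open_image)
 {
 struct wolfBoot_image img;
 int ret;
+uint8_t self_hdr[IMAGE_HEADER_SIZE];
+uint32_t oversize;
 
 
 /* invalid argument */
@@ -651,6 +663,17 @@ START_TEST(test_open_image)
 ck_assert_ptr_eq(img.hdr, (void *)WOLFBOOT_PARTITION_UPDATE_ADDRESS);
 ck_assert_ptr_eq(img.fw_base, (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS
 + 256);
+
+/* Self header must reject sizes beyond the partition payload budget */
+memset(self_hdr, 0xFF, sizeof(self_hdr));
+((uint32_t *)self_hdr)[0] = WOLFBOOT_MAGIC;
+oversize = WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE + 1;
+((uint32_t *)self_hdr)[1] = oversize;
+
+memset(&img, 0, sizeof(img));
+ret = wolfBoot_open_self_address(&img, self_hdr,
+(uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS);
+ck_assert_int_eq(ret, -1);
 }
 END_TEST
 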
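Review bot: The added case in `test_open_image` only exercises `WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE + 1`, so a regression that turned the `>` in the size check into `>=` would still pass. Add the boundary case with the size set to exactly `WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE` and assert that it is not rejected for its size; the expected return value depends on code outside this page. The header fields are written through `((uint32_t *)self_hdr)[0]` and `[1]` on a `uint8_t` stack array, which has no `uint32_t` alignment guarantee; `memcpy(self_hdr + 4, &oversize, sizeof(oversize));` (and the same for the magic via a local `uint32_t`) avoids that. The test presumably relies on `WOLFBOOT_FIXED_PARTITIONS` being defined for this unit, which the visible hunks do not show; a short comment next to the new block saying so would help.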
